I am using Centos7 and have just made some changes to the firewall. I am trying to configure my firewall to filter my ssh connection. I am following the How To documentation on Centos7 How Tos, Securing OpenSSh: Filter SSH at the Firewall. Essentially these fire wall settings are recording access to port 22, and limiting the number of times the ip can access the port to 4 times in 60 seconds. These are the commands I have just ran.
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp --dport 22 -m state --state NEW -m recent --set
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 1 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 -j REJECT --reject-with tcp-reset
firewall-cmd --reload
On firewall-cmd --reload I recive an the error
Error: COMMAND_FAILED: Direct: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: option "--state" requires an argument
Error occured at line: 2
Try 'iptables-restore -h' or 'iptables-restore --help' for more infomation.
Not sure what to do next. How do i give state an argument?