I am using CentOS 7 and have just made some changes to the firewall. I am trying to configure my firewall to filter my SSH connection. I am following the How To documentation on CentOS 7 How Tos, Securing OpenSSH: Filter SSH at the Firewall. Essentially these firewall settings are recording access to port 22, and limiting the number of times the IP can access the port to 4 times in 60 seconds. These are the commands I have just run.

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT 

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp --dport 22 -m state --state NEW -m recent --set
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 1 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 -j REJECT --reject-with tcp-reset
firewall-cmd --reload 

On firewall-cmd --reload I receive the error

Error: COMMAND_FAILED: Direct: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: option "--state" requires an argument
Error occured at line: 2
Try 'iptables-restore -h' or 'iptables-restore --help' for more infomation.

Not sure what to do next. How do I give state an argument?

Norman Potts

0 Answers