Question 1

How does Firewalld-rest compare to fail2ban?

Accepted Answer

Firewalld-rest is proactive, blocking all SSH by default and allowing only authorized IPs via API, while fail2ban is reactive, banning IPs after failed attempts. This prevents attacks upfront but requires manual IP management.

Question 2

How to generate JWT tokens for Firewalld-rest?

Accepted Answer

Generate public and private keys with OpenSSL commands provided in the README, update the publicCert.go file, and use a tool like jwt.io to create tokens with the RS256 algorithm. Keep the private key secure for signing.

Question 3

Can Firewalld-rest work with Docker or cloud servers?

Accepted Answer

It requires firewalld and root access, so on Docker, you'd need privileged containers or host access. For cloud servers, it works but manual API calls are needed if IPs change, which may be impractical for elastic IPs.

Question 4

What happens if the REST service goes down?

Accepted Answer

Existing authorized IPs remain in firewalld rules due to the --permanent flag, so SSH access persists, but new IPs can't be added until the service is restored, relying on the persistent database for tracking.

Question 5

Does Firewalld-rest support IPv6 or rate limiting?

Accepted Answer

The README shows IPv4 focus in firewall-cmd examples, so IPv6 support is likely limited. Rate limiting is listed as a possible enhancement but not implemented, leaving the API potentially vulnerable to abuse.

Question 6

How to manage multiple servers with Firewalld-rest?

Accepted Answer

Use the Kubernetes ingress setup described in the README, routing requests like /m1, /m2 to different nodes. For non-Kubernetes setups, you'd need to deploy and expose the service on each server individually.

Question 7

Is Firewalld-rest secure against API attacks?

Accepted Answer

It uses JWT with RS256 for authentication, which is secure if private keys are protected. However, the README notes rate limiting is not yet implemented, so without additional measures, the API could be targeted for denial-of-service.

firewalld-rest

What is firewalld-rest?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Open Source Alternative To

Frequently Asked Questions