Anything new about this topic?
We want to use fail2ban, but it does not work, as firewalld is not running.
2015-03-05 13:58:33,025 fail2ban.action [20699]: ERROR ipset create fail2ban-sshd hash:ip timeout 600
firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dports ssh -m set --match-set fail2ban-sshd src -j REJECT --reject-with icmp-port-unreachable -- stdout: '\x1b[91mFirewallD is not running\x1b[00m\n'
But when we start firewalld with "systemctl start firewalld", our website is blocked. We were lucky, because ssh was not blocked, so I could stop firewalld again.