Gentoo Archives: gentoo-security

From: "Dave Strydom [i*]Group" <dave@×××××××××.za>
To: gentoo-security@l.g.o
Subject: RE: [gentoo-security] [OT?] automatically firewalling off IPs
Date: Mon, 31 Oct 2011 03:55:55
Message-Id: 200510031051.j93Ap4Ph012508@robin.gentoo.org
In Reply to: [gentoo-security] [OT?] automatically firewalling off IPs by Jeremy Brake
I don't have these Problems...

There are two ways to do this:

1) enable "extensions" flag in the USE line in make.conf and I enable the
GEOIP patch for iptables, and also recompile the kernel with the geoip
patch, then you can simply do this:

--------
iptables -A INPUT -p tcp -m geoip ! --src-cc US --dport 22 -j REJECT
--------
That way it will not allow any SSH connections to anyone outside your
country code.

2) Only Allow SSH connections from the IP's you use, for example we on a
static IP address at our office, so I allow connections my external servers
from that IP address, but when I am at home, I am on a dynamic IP. So I
allow access for the entire network that I'm connected to like:

$IPTABLES -A INPUT -p TCP -s 165.146.0.0/16 --dport 22 -j ACCEPT
$IPTABLES -A OUTPUT -p TCP -s 165.146.0.0/16 --dport 22 -j ACCEPT

The rest of the traffic I drop to port 22, I drop.

I find it a hell of a lot easier to allow only want I want to the server and
drop everything else, than to try and block every individual that tries to
connect to my ssh.


-----Original Message-----
From: Jeremy Brake [mailto:gentoolists@×××××××××××.nz] 
Sent: 02 October 2005 11:10 PM
To: gentoo-security@l.g.o
Subject: [gentoo-security] [OT?] automatically firewalling off IPs

Hey all,

I'm looking for an app/script which can monitor for failed ssh logins, and
block using IPTables for $time after $number of failed logins (an exclusion
list would be handy as well) so that I can put a quick stop to these niggly
brute-force ssh "attacks" I seem to be getting more and more often.

Anyone have any ideas?

Thanks, Jeremy B
--
gentoo-security@g.o mailing list

-- 
gentoo-security@g.o mailing list