List Archive: gentoo-security
To: gentoo-security@g.o
From: Neil Cherry <ncherry@...>
Subject: Re: [OT?] automatically firewalling off IPs
Date: Tue, 04 Oct 2005 13:52:50 -0400
Dave Strydom wrote:
> Which brings me back to my original idea, of only allowing your IPs to
> connect to SSH on your servers, and just drop everything else, problem
> solved.

I do something along those lines. At my firewall/router I have a
rule that blocks private IP (and MS's 169 IP address). Other
addresses are permitted through but all are logged. This script
is on my ssh server for further protection (see below). I used
to do a type of blacklisting (still do) but I haven't had any
new entries since I started using this. BTW, I had a large
number of IPs from China, Korea, Japan, Singapore, Brazil and
a few other Asian countries. So blocking IPs (networks, not
individual IPs) became unmanageable.

Here's what I do (it's been trimmed and I broke the lines with \):

# Allow these sites access to my machine
# -state NEW

permit() {
     # I want to log just the start of the conversation
     # (--syn is a tcp match option, so it goes with -p tcp, before -j)
     /sbin/iptables -A INPUT -s ${1} -p tcp --syn --dport 22 -j LOG \
                    --log-level info --log-prefix "iptables permit: " \
                    --log-ip-options
     /sbin/iptables -A INPUT -s ${1} -p tcp --dport 22 -j ACCEPT
}

# Deny these sites access to my machine
deny() {
     /sbin/iptables -A INPUT -s ${1} -p tcp --dport 22 -j LOG \
                    --log-level alert --log-prefix "iptables deny: " \
                    --log-ip-options
     /sbin/iptables -A INPUT -s ${1} -p tcp --dport 22 -j DROP
}

# =[ Flush the tables completely ]============================================
/sbin/iptables -F

# =[ Permit list ]============================================================
#permit 127.0.0.0/8             # Local stuff
permit 10.0.0.0/8               # Local stuff
permit 172.16.0.0/12            # Local stuff
permit 192.168.0.0/16           # Local stuff

# =[ Deny list ]==============================================================
deny 0.0.0.0/0          # Deny everyone else
 

exit 0


-- 
Linux Home Automation         Neil Cherry       ncherry@...
http://home.comcast.net/~ncherry/               (Text only)
http://hcs.sourceforge.net/                     (HCS II)
http://linuxha.blogspot.com/                    My HA Blog
-- 
gentoo-security@g.o mailing list
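What follows is an added example, not the script from the post above or any Gentoo code. It keeps the same permit-then-deny pattern for port 22 in plain sh, but builds it in its own chain instead of flushing the whole INPUT chain, hands only new connections to that chain with the conntrack match, places --syn with the tcp match rather than after -j LOG, validates every network before it reaches iptables, and keeps 127.0.0.0/8 permitted. The chain name SSH_ACL, the IPT and SSH_PORT variables and the ssh_acl_* function names are my own choices. With IPT left at its default of echo the script prints the rules instead of applying them, so the result can be reviewed without root.

```shell
#!/bin/sh
# Added example (not the script from the post): SSH allowlist built in a
# dedicated chain. Chain name, variable names and function names are
# assumptions made for this example.
# IPT defaults to "echo" for a dry run; set IPT=/sbin/iptables to apply.
: "${IPT:=echo}"
: "${SSH_PORT:=22}"
CHAIN=SSH_ACL

is_ipv4_cidr() {
    # Accept only a.b.c.d/n with octets 0-255 and n 0-32; reject everything else,
    # so that an untrusted argument never reaches the iptables command line.
    addr=${1%/*}
    plen=${1#*/}
    [ "$addr" != "$1" ] || return 1                  # no "/" present
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac    # prefix length not numeric
    [ "$plen" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*) return 1 ;; esac      # digits and dots only (no globs)
    octets=0
    oldifs=$IFS
    IFS=.
    for o in $addr; do
        case "$o" in ''|*[!0-9]*) IFS=$oldifs; return 1 ;; esac
        [ "$o" -le 255 ] || { IFS=$oldifs; return 1; }
        octets=$((octets + 1))
    done
    IFS=$oldifs
    [ "$octets" -eq 4 ]
}

ssh_acl_permit() {
    # $1 = source network: log only the SYN that opens the session, then accept.
    is_ipv4_cidr "$1" || { echo "ssh_acl_permit: refusing bad network '$1'" >&2; return 1; }
    $IPT -A "$CHAIN" -s "$1" -p tcp --syn --dport "$SSH_PORT" -j LOG \
        --log-level info --log-prefix "ssh permit: "
    $IPT -A "$CHAIN" -s "$1" -p tcp --dport "$SSH_PORT" -j ACCEPT
}

ssh_acl_deny() {
    # $1 = source network: log the opening SYN at a higher level, then drop.
    is_ipv4_cidr "$1" || { echo "ssh_acl_deny: refusing bad network '$1'" >&2; return 1; }
    $IPT -A "$CHAIN" -s "$1" -p tcp --syn --dport "$SSH_PORT" -j LOG \
        --log-level alert --log-prefix "ssh deny: "
    $IPT -A "$CHAIN" -s "$1" -p tcp --dport "$SSH_PORT" -j DROP
}

ssh_acl_build() {
    # Usage: ssh_acl_build NET [NET ...]
    # Create (or empty) only our chain, fill it, then hook it into INPUT.
    $IPT -N "$CHAIN" 2>/dev/null || $IPT -F "$CHAIN"
    ssh_acl_permit 127.0.0.0/8 || return 1            # keep loopback SSH working
    for net in "$@"; do
        ssh_acl_permit "$net" || return 1
    done
    ssh_acl_deny 0.0.0.0/0 || return 1                # everyone else
    # Hand only new connections to the chain. Replies to established sessions
    # are assumed to be accepted by an earlier ESTABLISHED,RELATED rule in INPUT.
    # Delete any previous hook first so re-running the script stays idempotent.
    $IPT -D INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j "$CHAIN" 2>/dev/null || true
    $IPT -I INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j "$CHAIN"
}

# Run directly with the permitted networks on the command line, e.g.
#   IPT=/sbin/iptables ./ssh-acl.sh 10.0.0.0/8 192.168.0.0/16
if [ "$#" -gt 0 ]; then
    ssh_acl_build "$@"
fi
```

The dry run is worth reading once before applying: every rule the script would add appears as a line of output, with the DROP last in the chain and the INPUT hook inserted only after the chain is complete, so a mistake in a network list shows up before any packet is affected.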
Updated Oct 31, 2011

Summary: Archive of the gentoo-security mailing list.

Copyright 2001-2013 Gentoo Foundation, Inc.