| 1 |
I don't have these Problems... |
| 2 |
|
| 3 |
There are two ways to do this: |
| 4 |
|
| 5 |
1) enable "extensions" flag in the USE line in make.conf and I enable the |
| 6 |
GEOIP patch for iptables, and also recompile the kernel with the geoip |
| 7 |
patch, then you can simply do this: |
| 8 |
|
| 9 |
-------- |
| 10 |
iptables -A INPUT -p tcp -m geoip ! --src-cc US --dport 22 -j REJECT |
| 11 |
-------- |
| 12 |
That way it will not allow any SSH connections to anyone outside your |
| 13 |
country code. |
| 14 |
|
| 15 |
2) Only Allow SSH connections from the IP's you use, for example we on a |
| 16 |
static IP address at our office, so I allow connections my external servers |
| 17 |
from that IP address, but when I am at home, I am on a dynamic IP. So I |
| 18 |
allow access for the entire network that I'm connected to like: |
| 19 |
|
| 20 |
$IPTABLES -A INPUT -p TCP -s 165.146.0.0/16 --dport 22 -j ACCEPT |
| 21 |
$IPTABLES -A OUTPUT -p TCP -s 165.146.0.0/16 --dport 22 -j ACCEPT |
| 22 |
|
| 23 |
The rest of the traffic I drop to port 22, I drop. |
| 24 |
|
| 25 |
I find it a hell of a lot easier to allow only want I want to the server and |
| 26 |
drop everything else, than to try and block every individual that tries to |
| 27 |
connect to my ssh. |
| 28 |
|
| 29 |
|
| 30 |
-----Original Message----- |
| 31 |
From: Jeremy Brake [mailto:gentoolists@×××××××××××.nz] |
| 32 |
Sent: 02 October 2005 11:10 PM |
| 33 |
To: gentoo-security@l.g.o |
| 34 |
Subject: [gentoo-security] [OT?] automatically firewalling off IPs |
| 35 |
|
| 36 |
Hey all, |
| 37 |
|
| 38 |
I'm looking for an app/script which can monitor for failed ssh logins, and |
| 39 |
block using IPTables for $time after $number of failed logins (an exclusion |
| 40 |
list would be handy as well) so that I can put a quick stop to these niggly |
| 41 |
brute-force ssh "attacks" I seem to be getting more and more often. |
| 42 |
|
| 43 |
Anyone have any ideas? |
| 44 |
|
| 45 |
Thanks, Jeremy B |
| 46 |
-- |
| 47 |
gentoo-security@g.o mailing list |
| 48 |
|
| 49 |
-- |
| 50 |
gentoo-security@g.o mailing list |
Archives