Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: <gentoo-security@g.o>
From: "Dave Strydom [i*]Group" <dave@...>
Subject: RE: [OT?] automatically firewalling off IPs
Date: Mon, 3 Oct 2005 12:58:56 +0200
 
I don't have these Problems...

There are two ways to do this:

1) enable "extensions" flag in the USE line in make.conf and I enable the
GEOIP patch for iptables, and also recompile the kernel with the geoip
patch, then you can simply do this:

--------
iptables -A INPUT -p tcp -m geoip ! --src-cc US --dport 22 -j REJECT
--------
That way it will not allow any SSH connections to anyone outside your
country code.

2) Only Allow SSH connections from the IP's you use, for example we on a
static IP address at our office, so I allow connections my external servers
from that IP address, but when I am at home, I am on a dynamic IP. So I
allow access for the entire network that I'm connected to like:

$IPTABLES -A INPUT -p TCP -s 165.146.0.0/16 --dport 22 -j ACCEPT
$IPTABLES -A OUTPUT -p TCP -s 165.146.0.0/16 --dport 22 -j ACCEPT

The rest of the traffic I drop to port 22, I drop.

I find it a hell of a lot easier to allow only want I want to the server and
drop everything else, than to try and block every individual that tries to
connect to my ssh.


-----Original Message-----
From: Jeremy Brake [mailto:gentoolists@...] 
Sent: 02 October 2005 11:10 PM
To: gentoo-security@g.o
Subject: [gentoo-security] [OT?] automatically firewalling off IPs

Hey all,

I'm looking for an app/script which can monitor for failed ssh logins, and
block using IPTables for $time after $number of failed logins (an exclusion
list would be handy as well) so that I can put a quick stop to these niggly
brute-force ssh "attacks" I seem to be getting more and more often.

Anyone have any ideas?

Thanks, Jeremy B
--
gentoo-security@g.o mailing list

-- 
gentoo-security@g.o mailing list


References:
[OT?] automatically firewalling off IPs
-- Jeremy Brake
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: [OT?] automatically firewalling off IPs
Next by thread:
Re: [OT?] automatically firewalling off IPs
Previous by date:
Re: [OT?] automatically firewalling off IPs
Next by date:
Re: [OT?] automatically firewalling off IPs


Updated Oct 31, 2011

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.