I don't have these problems...

There are two ways to do this:

1) Enable the "extensions" flag in the USE line in make.conf and enable the
GEOIP patch for iptables, and also recompile the kernel with the geoip
patch; then you can simply do this:

--------
iptables -A INPUT -p tcp -m geoip ! --src-cc US --dport 22 -j REJECT
--------
That way it will not allow any SSH connections to anyone outside your
country code.

2) Only allow SSH connections from the IPs you use. For example, we are on a
static IP address at our office, so I allow connections to my external servers
from that IP address, but when I am at home I am on a dynamic IP, so I
allow access for the entire network that I'm connected to, like:

$IPTABLES -A INPUT -p TCP -s 165.146.0.0/16 --dport 22 -j ACCEPT
$IPTABLES -A OUTPUT -p TCP -s 165.146.0.0/16 --dport 22 -j ACCEPT

The rest of the traffic to port 22, I drop.

I find it a hell of a lot easier to allow only what I want to the server and
drop everything else than to try and block every individual that tries to
connect to my SSH.


-----Original Message-----
From: Jeremy Brake [mailto:gentoolists@×××××××××××.nz]
Sent: 02 October 2005 11:10 PM
To: gentoo-security@l.g.o
Subject: [gentoo-security] [OT?] automatically firewalling off IPs

Hey all,

I'm looking for an app/script which can monitor for failed ssh logins, and
block using IPTables for $time after $number of failed logins (an exclusion
list would be handy as well) so that I can put a quick stop to these niggly
brute-force ssh "attacks" I seem to be getting more and more often.

Anyone have any ideas?

Thanks, Jeremy B
--
gentoo-security@g.o mailing list
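As an added example (my own code, not something posted in this thread or a Gentoo tool), here is a small Python script implementing what the question asks for: it counts "Failed password" sshd lines per source address over a sliding window, skips an exclusion list of trusted networks (the office range from the reply, 165.146.0.0/16, is reused here as a constructed entry), emits the iptables DROP rule for port 22 once an address reaches the threshold, and produces the matching -D rule once the block has expired. The sample log lines, the defaults (3 failures within 600 s, 3600 s block) and the RFC 5737 test addresses are all constructed assumptions; by default the script only prints the rules it would run, so it can be tried without root.

```python
#!/usr/bin/env python3
"""Block repeated SSH brute-forcers with iptables after N failures in a window.

Added example, not a tool from the thread. All thresholds, networks and the
sample log are constructed assumptions.
"""
import ipaddress
import re
import subprocess
from collections import defaultdict, deque
from datetime import datetime

# Constructed syslog-style sshd lines (RFC 5737 test ranges plus the office
# network quoted in the reply); not real traffic.
SAMPLE_LOG = [
    "Oct  2 23:01:12 gw sshd[4711]: Failed password for root from 203.0.113.7 port 51234 ssh2",
    "Oct  2 23:01:15 gw sshd[4712]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2",
    "Oct  2 23:01:19 gw sshd[4713]: Failed password for root from 203.0.113.7 port 51244 ssh2",
    "Oct  2 23:02:03 gw sshd[4720]: Failed password for jeremy from 165.146.10.4 port 40001 ssh2",
    "Oct  2 23:02:06 gw sshd[4721]: Failed password for jeremy from 165.146.10.4 port 40002 ssh2",
    "Oct  2 23:02:09 gw sshd[4722]: Failed password for jeremy from 165.146.10.4 port 40003 ssh2",
    "Oct  2 23:40:00 gw sshd[4800]: Failed password for root from 198.51.100.9 port 22222 ssh2",
    "Oct  2 23:41:00 gw sshd[4801]: Accepted publickey for jeremy from 165.146.10.4 port 40010 ssh2",
]

# The "exclusion list": networks that are never blocked, whatever they do.
EXCLUSIONS = [ipaddress.ip_network("165.146.0.0/16"),
              ipaddress.ip_network("127.0.0.0/8")]

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def parse_failed_login(line):
    """Return (timestamp, ip) for a 'Failed password' line, else None."""
    m = FAILED_RE.match(line)
    if m is None:
        return None
    # syslog timestamps carry no year; strptime fills in 1900, which is fine
    # for ordering lines from one log file (a year rollover would need care).
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return ts, ipaddress.ip_address(m.group("ip"))


def is_excluded(ip):
    return any(ip in net for net in EXCLUSIONS)


def find_offenders(lines, threshold=3, window=600):
    """Map each offending IP to the time it first hit `threshold` failures
    within `window` seconds. Excluded networks are never reported."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    offenders = {}
    for line in lines:
        parsed = parse_failed_login(line)
        if parsed is None:
            continue
        ts, ip = parsed
        if is_excluded(ip) or ip in offenders:
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:   # drop stale entries
            q.popleft()
        if len(q) >= threshold:
            offenders[ip] = ts
    return offenders


def block_cmd(ip):
    """iptables argv that drops SSH traffic from `ip` (inserted at the top
    of INPUT so it wins over any later ACCEPT rule)."""
    return ["iptables", "-I", "INPUT", "-p", "tcp", "-s", str(ip),
            "--dport", "22", "-j", "DROP"]


def unblock_cmd(ip):
    """The matching -D rule, used once the block has expired."""
    cmd = block_cmd(ip)
    cmd[1] = "-D"
    return cmd


def expired(offenders, now, block_seconds=3600):
    """IPs whose block started at least `block_seconds` before `now`."""
    return [ip for ip, since in offenders.items()
            if (now - since).total_seconds() >= block_seconds]


def run(cmd, dry_run=True):
    """Print the rule (dry run) or apply it; returns the rule as one string."""
    if not dry_run:
        subprocess.run(cmd, check=True)   # needs root and iptables
    return " ".join(cmd)


if __name__ == "__main__":
    for ip in find_offenders(SAMPLE_LOG):
        print(run(block_cmd(ip)))   # dry run: only prints the rule
```

Run against the constructed log, 203.0.113.7 is the only address reported: 165.146.10.4 also fails three times but sits inside the excluded office network, and 198.51.100.9 never reaches the threshold. In a real deployment the script would tail the auth log instead of reading a list, and a periodic call to expired() would issue the -D rules, which is the "$time" part of the question.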