Gentoo Archives: gentoo-security

From: Neil Cherry <ncherry@×××××××.net>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
Date: Tue, 04 Oct 2005 18:03:12
In Reply to: Re: [gentoo-security] [OT?] automatically firewalling off IPs by Dave Strydom
Dave Strydom wrote:
> Which brings me back to my original idea, of only allowing your IP's to
> connect to SSH on your servers, and just drop everything else, problem
> solved.
I do something along those lines. At my firewall/router I have a rule that blocks private IPs (and MS's 169 IP address). Other addresses are permitted through but all are logged. This script is on my ssh server for further protection (see below). I used to do a type of blacklisting (still do) but I haven't had any new entries since I started using this. BTW, I had a large number of IPs from China, Korea, Japan, Singapore, Brazil and a few other Asian countries. So blocking IPs (networks, not individual IPs) became unmanageable.

Here's what I do (it's been trimmed and I broke the lines with \):

# Allow these site access to my machine
# -state NEW
permit() {
    # I want to log just the start of the conversation
    /sbin/iptables -A INPUT -s ${1} -p tcp --dport 22 -j LOG --syn \
        --log-level info --log-prefix "iptables permit: " \
        --log-ip-options
    /sbin/iptables -A INPUT -s ${1} -p tcp --dport 22 -j ACCEPT
}

# Deny these sites access to my machine
deny() {
    /sbin/iptables -A INPUT -s ${1} -p tcp --dport 22 -j LOG \
        --log-level alert --log-prefix "iptables deny: " \
        --log-ip-options
    /sbin/iptables -A INPUT -s ${1} -p tcp --dport 22 -j DROP
}

# =[ Flush the tables completely ]============================================
/sbin/iptables -F

# =[ Permit list ]============================================================
#permit         # Local stuff
permit          # Local stuff
permit          # Local stuff
permit          # Local stuff

# =[ Deny list ]==============================================================
deny            # Deny everyone else

exit 0

--
Linux Home Automation
Neil Cherry ncherry@×××××××.net

--
gentoo-security@g.o mailing list