
Re: Temporarily Disable IP [ANOTHER SOLUTION]




What's your iptables version?


Phil Dyer on Monday 10 Oct 2005 01:17 wrote:

> Interested in trying this, but can't seem to get it to work. I see
> packets hitting the --set --name SSH rule, but the drop following it
> never sees any packets. (using iptables -L -n -v). Seems like it should
> work, looks like I've got all the modules loaded that I need...
> 
> phil
> 
> Ritesh Raj Sarraf said:
>> Another solution besides using DenyHosts is to use the following set of
>> iptables commands. (Courtesy: A friend who constantly monitors this list
>> but wants to remain anonymous)
>>
>> ## create denylog chain
>> iptables -N denylog
>> iptables -A denylog -j LOG
>> iptables -A denylog -j DROP
>>
>> ## SSH Bruteforce
>> iptables -N SSH_WHITELIST
>> iptables -A SSH_WHITELIST -s 10.0.1.0/24 -m recent --remove --name SSH -j ACCEPT
>> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
>> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
>> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j denylog
>>
>> Creates a whitelist of one or more networks. All others are subject to
>> inspection. More than 4 hits within 60 seconds are denied. In case of 60
>> seconds without a hit, this rule is automatically cleared again. That's
>> the magic of the "recent"-module of iptables. It works for me - and it's
>> very useful!
>>
>> Thanks,
>>
>> rrs
> 
> --
> 
> phil

-- 
Ritesh Raj Sarraf
RESEARCHUT -- http://www.researchut.com
Gnupg Key ID: 04F130BC
"Stealing logic from one person is plagiarism, stealing from many is
research."
"Necessity is the mother of invention."
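To make the quoted rules' behaviour concrete, here is a small Python model of the xt_recent list the rules operate on, added as an example and not code from the original thread. It walks the three INPUT rules for each NEW tcp/22 packet and assumes xt_recent's counting rule (the --update rule matches once the stored hits within --seconds reach --hitcount, so the fourth attempt inside the window is the first one sent to denylog); the sample sources, the trailing ACCEPT for connections that survive the checks, and the omission of --rttl are assumptions of this model.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW = 60       # --seconds 60
HITCOUNT = 4      # --hitcount 4
LIST_TOT = 20     # xt_recent default ip_pkt_list_tot: timestamps kept per address
WHITELIST = ipaddress.ip_network("10.0.1.0/24")   # -s 10.0.1.0/24 from the post

class RecentTable:
    """Model of one xt_recent list (--name SSH): last-seen timestamps per source.
    --rttl (TTL comparison) is not modelled."""
    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=LIST_TOT))

    def set(self, src, now):                  # -m recent --set
        self.stamps[src].append(now)

    def remove(self, src):                    # -m recent --remove
        self.stamps.pop(src, None)

    def update(self, src, now):               # -m recent --update --seconds --hitcount
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= WINDOW)
        if hits >= HITCOUNT:
            self.stamps[src].append(now)      # a matching --update refreshes the entry
            return True
        return False

def ssh_new_connection(table, src, now):
    """Apply the post's INPUT rules to one NEW tcp/22 packet; return the verdict."""
    table.set(src, now)                                   # rule 1: --set --name SSH
    if ipaddress.ip_address(src) in WHITELIST:            # rule 2: -j SSH_WHITELIST
        table.remove(src)                                 #   --remove ... -j ACCEPT
        return "ACCEPT"
    if table.update(src, now):                            # rule 3: --update ... -j denylog
        return "DROP"
    return "ACCEPT"   # assumption: a later rule accepts SSH that passed the checks

def simulate(events):
    """events: constructed (time_in_seconds, source_ip) pairs; returns the verdicts."""
    table = RecentTable()
    return [ssh_new_connection(table, src, t) for t, src in events]

if __name__ == "__main__":
    # constructed sample: one source opening connections at 0, 10, 20, 30 and 100 s
    src = "198.51.100.7"
    print(simulate([(0, src), (10, src), (20, src), (30, src), (100, src)]))
```

The run shows the first three attempts accepted, the fourth dropped, and the attempt at 100 s accepted again because only one stored timestamp still falls inside the 60-second window.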