
Re: Temporarily Disable IP [ANOTHER SOLUTION]


What's your iptables version?

Phil Dyer on Monday 10 Oct 2005 01:17 wrote:

> Interested in trying this, but can't seem to get it to work. I see
> packets hitting the --set --name SSH rule, but the drop following it
> never sees any packets. (using iptables -L -n -v). Seems like it should
> work, looks like I've got all the modules loaded that I need...
> phil
> Ritesh Raj Sarraf said:
>> Another solution besides using DenyHosts is to use the following set of
>> iptables commands. (Courtesy: A friend who constantly monitors this list
>> but wants to remain anonymous)
>> ## create denylog chain
>> iptables -N denylog
>> iptables -A denylog -j LOG
>> iptables -A denylog -j DROP
>> ## SSH Bruteforce
>> iptables -N SSH_WHITELIST
>> iptables -A SSH_WHITELIST -s <trusted-network/CIDR> -m recent --remove --name SSH -j ACCEPT
>> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
>> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
>> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j denylog
>> Creates a whitelist of one or more networks. All others are subject to
>> inspection. More than 4 hits within 60 seconds are denied. In case of 60
>> seconds without a hit, this rule is automatically cleared again. That's
>> the magic of the "recent"-module of iptables. It works for me - and it's
>> very useful!
>> Thanks,
>> rrs
> --
> phil

-- 
Ritesh Raj Sarraf
RESEARCHUT -- http://www.researchut.com
Gnupg Key ID: 04F130BC
"Stealing logic from one person is plagiarism, stealing from many is
"Necessity is the mother of invention."
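To make the behaviour of the quoted rule set concrete, here is a small replay of the three INPUT rules against a constructed sequence of connection attempts. This is an added example, not code from the thread; it is a simplified model of the kernel's "recent" match (one list, a per-address ring of at most 20 timestamps as in the default ip_pkt_list_tot, `--hitcount` meaning "at least N hits in the window", and a matching `--update` stamping the entry again). The whitelist network 192.0.2.0/24, the source addresses and the timestamps are all made up for the illustration.

```python
import ipaddress
from collections import deque

WINDOW_SECONDS = 60   # --seconds 60
HITCOUNT = 4          # --hitcount 4
MAX_STAMPS = 20       # kernel default ip_pkt_list_tot: stamps kept per address


class RecentList:
    """Model of one "recent" list (--name SSH): per-source timestamps plus the
    TTL of the packet that last hit --set/--update (compared by --rttl)."""

    def __init__(self):
        self.entries = {}   # src -> {"stamps": deque, "ttl": int}

    def set(self, src, now, ttl):
        # --set: create the entry if needed, then record this packet
        e = self.entries.setdefault(
            src, {"stamps": deque(maxlen=MAX_STAMPS), "ttl": ttl})
        e["stamps"].append(now)
        e["ttl"] = ttl

    def remove(self, src):
        # --remove: forget the address entirely
        self.entries.pop(src, None)

    def update(self, src, now, ttl, seconds, hitcount, rttl):
        # --update --seconds S --hitcount N [--rttl]: match if the source is
        # listed, was seen at least N times in the last S seconds and (with
        # --rttl) the TTL matches; a match also stamps the entry again.
        e = self.entries.get(src)
        if e is None:
            return False
        if rttl and e["ttl"] != ttl:
            return False
        hits = sum(1 for stamp in e["stamps"] if now - stamp <= seconds)
        if hits < hitcount:
            return False
        e["stamps"].append(now)
        e["ttl"] = ttl
        return True


def input_chain(recent, whitelist, src, now, ttl):
    """Walk the three INPUT rules for one NEW connection to tcp/22 and return
    the verdict: ACCEPT (whitelist), DROP (denylog) or CONTINUE (later rules)."""
    # rule 1: -m recent --set --name SSH   (no target, so it never terminates)
    recent.set(src, now, ttl)
    # rule 2: -j SSH_WHITELIST  ->  -s <net> -m recent --remove -j ACCEPT
    if any(ipaddress.ip_address(src) in net for net in whitelist):
        recent.remove(src)
        return "ACCEPT"
    # rule 3: -m recent --update --seconds 60 --hitcount 4 --rttl -j denylog
    if recent.update(src, now, ttl, WINDOW_SECONDS, HITCOUNT, rttl=True):
        return "DROP"   # denylog chain: LOG, then DROP
    return "CONTINUE"


def simulate(attempts, whitelist=("192.0.2.0/24",)):
    """Replay (time, source, ttl) tuples and return the per-attempt verdicts."""
    recent = RecentList()
    nets = [ipaddress.ip_network(n) for n in whitelist]
    return [input_chain(recent, nets, src, t, ttl) for t, src, ttl in attempts]


# Constructed sample: one guessing host and one whitelisted admin host.
ATTEMPTS = [
    (0, "198.51.100.7", 64),
    (5, "192.0.2.5", 64),       # whitelisted: accepted, entry removed
    (10, "198.51.100.7", 64),
    (20, "198.51.100.7", 64),
    (30, "198.51.100.7", 64),   # 4th hit inside 60 s -> denylog
    (40, "198.51.100.7", 64),   # still inside the window -> denylog
    (200, "198.51.100.7", 64),  # over 60 s without a hit: window empty again
]

if __name__ == "__main__":
    for (t, src, _), verdict in zip(ATTEMPTS, simulate(ATTEMPTS)):
        print(f"t={t:3d}s {src:14s} -> {verdict}")
```

Two points the replay makes visible: because `--set` runs before `--update` on every packet, the fourth new connection inside the window is already counted when `--update` evaluates it, and the entry is never deleted, it simply stops matching once no stamp falls inside the last 60 seconds. Also, since the list keeps only ip_pkt_list_tot timestamps per address (20 by default), a `--hitcount` above that value can never be reached.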

