Re: Temporarily Disable IP [ANOTHER SOLUTION]
Phil Dyer on Monday 10 Oct 2005 06:40 wrote:
> Ritesh Raj Sarraf said:
>> What's your iptables version ?
>
> sarge 1.2.11-10.
Then it has to work.
I'm using the same and am very happy. The attacks have lowered down by 90%
because all were from automated scripts.
Please re-check the commands you're using.
## create denylog chain
iptables -N denylog
iptables -A denylog -j LOG
iptables -A denylog -j DROP
## SSH Bruteforce
iptables -N SSH_WHITELIST
## whitelisted network: forget its entry in the "SSH" recent list and accept
iptables -A SSH_WHITELIST -s 10.0.1.0/24 -m recent --remove --name SSH -j ACCEPT
## every new SSH connection is recorded in the "SSH" recent list first
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
## 4 or more new connections within 60 seconds from one source: log and drop
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j denylog
Creates a whitelist of one or more networks. All others are subject to
inspection. More than 4 hits within 60 seconds are denied. In case of 60
seconds without a hit, this rule is automatically cleared again. That's
the magic of the "recent"-module of iptables. It works for me - and it's
very useful!
HTH,
rrs
--
Ritesh Raj Sarraf
RESEARCHUT -- http://www.researchut.com
Gnupg Key ID: 04F130BC
"Stealing logic from one person is plagiarism, stealing from many is
research."
"Necessity is the mother of invention."
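The behaviour of the three INPUT rules above, modelled in Python as an added example (not part of the original mail) so the "4 hits in 60 seconds" logic can be traced on constructed connection attempts. It assumes the xt_recent default of 20 stored timestamps per entry, ignores --rttl (TTL matching), and reports "PASS" for a packet none of the three rules decides.

```python
from ipaddress import ip_address, ip_network

WHITELIST = [ip_network("10.0.1.0/24")]     # the post's SSH_WHITELIST network
SECONDS, HITCOUNT = 60, 4                   # --seconds 60 --hitcount 4
MAX_STAMPS = 20                             # xt_recent default ip_pkt_list_tot (assumed)

class RecentTable:
    """One named 'recent' list (--name SSH): source -> timestamps of its hits."""
    def __init__(self):
        self.entries = {}
    def set(self, src, now):        # --set: create the entry if needed, record a hit
        stamps = self.entries.setdefault(src, [])
        stamps.append(now)
        del stamps[:-MAX_STAMPS]    # the kernel keeps only the newest stamps

    def remove(self, src):          # --remove: drop the entry entirely
        self.entries.pop(src, None)
    def update(self, src, now):     # --update --seconds S --hitcount N
        stamps = self.entries.get(src)
        if stamps is None:
            return False
        hits = sum(1 for t in stamps if now - t <= SECONDS)
        if hits < HITCOUNT:
            return False
        self.set(src, now)          # a match also refreshes the entry
        return True

def new_ssh_connection(table, src, now):
    """Walk the post's three INPUT rules for one NEW tcp/22 packet."""
    table.set(src, now)                                     # rule 1: --set --name SSH
    if any(ip_address(src) in net for net in WHITELIST):    # rule 2: -j SSH_WHITELIST
        table.remove(src)
        return "ACCEPT"
    if table.update(src, now):                              # rule 3: --update ... -j denylog
        return "LOG+DROP"
    return "PASS"   # not decided here; later INPUT rules decide

def simulate(attempts):
    """attempts: list of (seconds, source) in time order; returns one verdict each."""
    table = RecentTable()
    return [new_ssh_connection(table, src, t) for t, src in attempts]
# constructed sample: one host hammering sshd, one whitelisted LAN host
SAMPLE = [(0, "203.0.113.5"), (10, "203.0.113.5"), (15, "10.0.1.7"),
          (20, "203.0.113.5"), (30, "203.0.113.5"), (40, "203.0.113.5"),
          (200, "203.0.113.5")]

if __name__ == "__main__":
    for (t, src), verdict in zip(SAMPLE, simulate(SAMPLE)):
        print(f"t={t:>3}s {src:<12} {verdict}")
```

Note that a blocked attempt refreshes the entry's timestamps, so a host that keeps retrying stays blocked; the block only lapses after 60 seconds of silence from that source.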