Re: auth log full with
Hi.
On Sun, Aug 14, 2022 at 04:07:03PM +0200, Matthias Böttcher wrote:
> how do I block these ip ranges?
The usual way.
iptables -I INPUT -s <offending_ip_block> -p tcp --dport 22 \
-m conntrack --ctstate NEW -j DROP
or, if the source IP is an actual IPv6 (a rare thing in my experience):
ip6tables -I INPUT -s <offending_ip_block> -p tcp --dport 22 \
-m conntrack --ctstate NEW -j DROP
Add your favorite way to persist these between host reboots, and you're
set.
> Which source can I use to determine the geo location of ip addresses?
whois, geoiplookup, even https://bgp.he.net .
Whatever works, basically.
Last one is my favorite as it shows all IP blocks assigned to AS.
Really helpful with spammer nests such as outlook.com (AS8075) or
DigitalOcean (AS14061).
> Is there a Debian packet?
For the first two - sure.
You'll need whois and geoip-bin. Installing iptables is assumed.
Reco
Reply to: