Blacklist & Whitelist IPs from server?

Amadeus W. M. amadeus84 at cablespeed.com
Wed Aug 3 15:42:48 UTC 2005


On Wed, 03 Aug 2005 07:22:16 -0500, Lonnie wrote:

> Greeting All,
> 
> I have a Fedora 3 server up and running and I have noticed various IPs 
> in my logs trying to hack SSH, APACHE, or email for example and even 
> though I am running the built-in firewall through the "setup" program, I 
> would like to know if there is some additional application that I can 
> add so that I can blacklist and whitelist IPs from connecting to my server 
> at all?
> 
> I am sure that there is something out there, but not sure what you might 
> recommend?
> 
> Thanks all,
> Lonnie

The rules of the firewall are stored in /etc/sysconfig/iptables.
You can insert new rules using /sbin/iptables. 

For instance, if you want to filter out the entire domain
65.54.0.0/255.255.0.0 you would do something like

/sbin/iptables -I RH-Firewall-1-INPUT 1 -s 65.54.0.0/255.255.0.0 -j DROP

This inserts (-I) in the chain called RH-Firewall-1-INPUT, at position 1
(top of the firewall) the rule which drops (-j DROP) any packet with
source address 65.54.x.y (-s 65.54.0.0/255.255.0.0), regardless of which
port they're probing (destination port on your machine). By dropping the
packets, you'll never hear from those guys ever again, and they won't know
you exist. 

This is just about the simplest but most effective rule you can insert to
filter out idiotic brute-force attacks on ssh, etc.

To see your new firewall,

/sbin/iptables -L -n --line-numbers

When you're happy, save it:

/sbin/iptables-save > /etc/sysconfig/iptables     # may want to back up the old one first.

If you want to load an existing set of rules, use /sbin/iptables-restore
or /etc/rc.d/init.d/iptables stop/start.
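As an added example (not code from the post above or from the Fedora project), here is a small POSIX sh script that turns a whitelist file and a blacklist file into the same `-I RH-Firewall-1-INPUT 1` commands the reply uses, one per address or network. It validates the shape of each entry before it would reach iptables, and it emits the blacklist first so that the whitelist, inserted afterwards at position 1, ends up above it in the chain; that matters because iptables stops at the first matching rule, so a whitelisted host inside a blacklisted network is accepted before the DROP rule is reached. The chain name is Fedora's, as in the reply; the list file format, the helper names and the sample addresses are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original thread: generate the iptables commands
# for a whitelist and a blacklist against the RH-Firewall-1-INPUT chain that
# the reply above uses. Entries are validated before they reach iptables, and
# nothing is executed unless the generated commands are piped to sh by hand.

CHAIN="RH-Firewall-1-INPUT"   # Fedora's chain name, as in the reply

# valid_net ADDR[/MASK]: accept dotted-quad addresses with an optional prefix
# length or dotted-quad netmask (the two forms the original commands use).
# This checks shape only; it does not range-check each octet.
valid_net() {
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]{1,2}|([0-9]{1,3}\.){3}[0-9]{1,3}))?$'
}

# emit_rules FILE TARGET: one "-I CHAIN 1" command per non-comment line of
# FILE, jumping to TARGET (ACCEPT or DROP). Malformed lines are reported on
# stderr and skipped instead of being handed to iptables.
emit_rules() {
    file=$1; target=$2
    while IFS= read -r line || [ -n "$line" ]; do
        net=${line%%#*}                                  # strip trailing comments
        net=$(printf '%s' "$net" | tr -d ' \t')          # strip whitespace
        [ -z "$net" ] && continue                        # blank or comment-only line
        if valid_net "$net"; then
            printf '/sbin/iptables -I %s 1 -s %s -j %s\n' "$CHAIN" "$net" "$target"
        else
            printf 'skipping malformed entry: %s\n' "$line" >&2
        fi
    done < "$file"
}

# build_rules WHITELIST BLACKLIST: every rule is inserted at position 1, so
# the blacklist is emitted first and the whitelist lands above it. First
# match wins in iptables, so a whitelisted host inside a blacklisted
# network is ACCEPTed before the DROP rule for the network is reached.
build_rules() {
    emit_rules "$2" DROP
    emit_rules "$1" ACCEPT
}

# demo: constructed sample lists (hypothetical addresses). To apply for real,
# review the output and then run:  demo | sh
demo() {
    tmp=$(mktemp -d)
    printf '10.0.0.5      # constructed: admin workstation\n' > "$tmp/whitelist"
    printf '65.54.0.0/255.255.0.0   # the network from the reply\n10.0.0.0/8\nnot-an-address\n' \
        > "$tmp/blacklist"
    build_rules "$tmp/whitelist" "$tmp/blacklist"
    rm -rf "$tmp"
}

demo
```

Run it as-is to see the commands it would issue (the malformed entry is reported on stderr and dropped); once the output looks right, `demo | sh` applies it, after which `/sbin/iptables -L -n --line-numbers` shows the ACCEPT rule above the DROP rules and `iptables-save` persists them as the reply describes.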