[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Blocking SSH ... BUT...



Ashley M. Kirchner wrote:

   Hey all,

I have the following lines in my iptables config file to curb ssh knocking on our servers:

# Let's see if we can curb SSH attacks.
-A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set

-A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --rcheck --seconds 120 --hitcount 2 -j LOG -log-prefix "SSH REJECT: "

-A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --rcheck --seconds 120 --hitcount 2 -j REJECT --reject-with tcp-reset


This works great...EXCEPT it also blocks our own access to the servers if we need to get on them in a short amount of time (less than 120 seconds). So how can I still implement the above blocking, but allow anything from our different subnets (we have 4) come through without going through that block routine?


Allow your subnets before the above rules.  Here's a sample rule:

-A INPUT -s 10.0.0.0/24 -p tcp --dport 22 --syn -j ACCEPT
# subnet    ^^^^^^^^^^^

You'd need one rule for each subnet.

hth


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]