Blocking SSH ... BUT...
Craig White
craig at tobyhouse.com
Tue Sep 18 18:33:37 UTC 2007
On Tue, 2007-09-18 at 11:53 -0600, Ashley M. Kirchner wrote:
> Hey all,
>
> I have the following lines in my iptables config file to curb ssh
> knocking on our servers:
>
> # Let's see if we can curb SSH attacks.
> -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
>
> -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --rcheck
> --seconds 120 --hitcount 2 -j LOG --log-prefix "SSH REJECT: "
>
> -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --rcheck
> --seconds 120 --hitcount 2 -j REJECT --reject-with tcp-reset
>
>
> This works great...EXCEPT it also blocks our own access to the
> servers if we need to get on them in a short amount of time (less than
> 120 seconds). So how can I still implement the above blocking, but
> allow anything from our different subnets (we have 4) to come through
> without going through that block routine?
----
not responsive to your question but highly recommended...
denyhosts package (yum install denyhosts)
--
Craig White <craig at tobyhouse.com>
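An added illustration (not code from either poster) of why the quoted rules lock the admins out and how an exemption for trusted subnets resolves it: a small Python model of the `--set` / `--rcheck --seconds 120 --hitcount 2` logic, plus a helper that emits the ACCEPT rules to place ahead of the sshattack rules. The four subnet values are constructed placeholders, and the model simplifies xt_recent (it keeps every timestamp instead of a bounded list).

```python
import ipaddress
from collections import defaultdict

SECONDS = 120   # --seconds 120 from the quoted rules
HITCOUNT = 2    # --hitcount 2 from the quoted rules

# Constructed placeholders for the poster's four trusted subnets.
TRUSTED_SUBNETS = [ipaddress.ip_network(n) for n in (
    "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "10.8.0.0/16")]


def exempt_rules(subnets=TRUSTED_SUBNETS):
    """Rules to insert BEFORE the '--set' rule so trusted sources never
    enter the sshattack table (ordering is what makes the exemption work)."""
    return [f"-A INPUT -p tcp --syn --dport 22 -s {net} -j ACCEPT"
            for net in subnets]


class SshAttackTable:
    """Model of the 'sshattack' recent-table behaviour for SYNs to port 22."""

    def __init__(self, exempt_trusted=True):
        self.exempt_trusted = exempt_trusted
        self.stamps = defaultdict(list)   # source IP -> SYN timestamps

    def handle_syn(self, src, now):
        """Return the verdict for one SYN from `src` at time `now` (seconds)."""
        ip = ipaddress.ip_address(src)
        if self.exempt_trusted and any(ip in net for net in TRUSTED_SUBNETS):
            return "ACCEPT-TRUSTED"          # matched an exemption rule first
        # '--set': every SYN records a hit for this source.
        self.stamps[src].append(now)
        # '--rcheck --seconds 120 --hitcount 2': count hits in the window.
        recent = [t for t in self.stamps[src] if now - t <= SECONDS]
        if len(recent) >= HITCOUNT:
            return "REJECT"                  # LOG + REJECT --reject-with tcp-reset
        return "ACCEPT"


if __name__ == "__main__":
    for rule in exempt_rules():
        print(rule)
    table = SshAttackTable(exempt_trusted=False)
    # Without the exemption, an admin's second connection inside 120 s is reset.
    print(table.handle_syn("192.0.2.10", 0), table.handle_syn("192.0.2.10", 30))
```

Note that the first SYN is already counted by `--set`, so a second connection within 120 seconds is enough to trigger the reject, which is exactly the "short amount of time" lockout described in the question.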
More information about the fedora-list mailing list