[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Fedora] Re: Blocking SSH ... BUT...



Mike Wright wrote:
Allow your subnets before the above rules.  Here's a sample rule:

-A INPUT -s 10.0.0.0/24 -p tcp --dport 22 --syn -j ACCEPT
# subnet    ^^^^^^^^^^^

You'd need one rule for each subnet.

hth

   Awesome Mike, that worked like a charm.  Thanks!

Somewhat related question: would the same rules work for ftp attacks as well? Obviously replacing the port number with 21, but would they work? Duplicate the lines, replace port and hope that ftp also gets curbed the same way?

--
W | It's not a bug - it's an undocumented feature.
 +--------------------------------------------------------------------
 Ashley M. Kirchner <mailto:ashley pcraft com>   .   303.442.6410 x130
 IT Director / SysAdmin / Websmith             .     800.441.3873 x130
 Photo Craft Imaging                       .     3550 Arapahoe Ave. #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]