[Fedora] Re: Blocking SSH ... BUT...

Ashley M. Kirchner ashley at pcraft.com
Tue Sep 18 18:44:41 UTC 2007


Mike Wright wrote:
> Allow your subnets before the above rules.  Here's a sample rule:
>
> -A INPUT -s 10.0.0.0/24 -p tcp --dport 22 --syn -j ACCEPT
> # subnet    ^^^^^^^^^^^
>
> You'd need one rule for each subnet.
>
> hth

    Awesome Mike, that worked like a charm.  Thanks!

    Somewhat related question: would the same rules work for ftp attacks 
as well?  Obviously replacing the port number with 21, but would they 
work?  Duplicate the lines, replace port and hope that ftp also gets 
curbed the same way?

-- 
W | It's not a bug - it's an undocumented feature.
  +--------------------------------------------------------------------
  Ashley M. Kirchner <mailto:ashley at pcraft.com>   .   303.442.6410 x130
  IT Director / SysAdmin / Websmith             .     800.441.3873 x130
  Photo Craft Imaging                       .     3550 Arapahoe Ave. #6
  http://www.pcraft.com ..... .  .    .       Boulder, CO 80303, U.S.A. 
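Added example, not part of the original message: a small first-match model of the INPUT chain showing why the per-subnet ACCEPT has to come before the blocking rules, evaluated for port 22 and for the port 21 variant asked about. The blocking rules are not shown in this message, so a plain DROP for all other sources is assumed in their place; the sample addresses and the default chain policy are constructed.

```python
import ipaddress

# Constructed rule sets in INPUT-chain order: (source CIDR, TCP dport, target).
# The 10.0.0.0/24 ACCEPT mirrors the quoted rule; the 0.0.0.0/0 DROP is an
# assumed stand-in for the blocking rules, which this message does not show.
ALLOW_FIRST = [
    ("10.0.0.0/24", 22, "ACCEPT"),
    ("10.0.0.0/24", 21, "ACCEPT"),   # the "duplicate with port 21" variant
    ("0.0.0.0/0", 22, "DROP"),
    ("0.0.0.0/0", 21, "DROP"),
]
BLOCK_FIRST = ALLOW_FIRST[2:] + ALLOW_FIRST[:2]

def verdict(rules, src, dport, policy="ACCEPT"):
    """Return the target of the first rule matching a new TCP connection.

    iptables walks a chain top to bottom and stops at the first rule with a
    terminating target (ACCEPT/DROP); the chain policy applies if none match.
    """
    addr = ipaddress.ip_address(src)
    for cidr, port, target in rules:
        if port == dport and addr in ipaddress.ip_network(cidr):
            return target
    return policy

def report(rules):
    """Evaluate constructed sample connections against a rule list."""
    samples = [("10.0.0.5", 22), ("10.0.0.5", 21),
               ("203.0.113.9", 22), ("203.0.113.9", 21), ("203.0.113.9", 80)]
    return {s: verdict(rules, *s) for s in samples}

if __name__ == "__main__":
    for name, rules in (("allow first", ALLOW_FIRST), ("block first", BLOCK_FIRST)):
        print(name)
        for (src, port), target in report(rules).items():
            print(f"  {src}:{port} -> {target}")
```

With the order reversed, hosts in 10.0.0.0/24 hit the DROP first and the ACCEPT is never reached; a host in a different subnet such as 10.0.1.0/24 is dropped in both orders until it gets its own rule.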



