[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Blocking SSH ... BUT...



On Tue, 2007-09-18 at 11:53 -0600, Ashley M. Kirchner wrote:
>     Hey all,
> 
>     I have the following lines in my iptables config file to curb ssh 
> knocking on our servers:
> 
> # Let's see if we can curb SSH attacks.
> -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
> 
> -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --rcheck 
> --seconds 120 --hitcount 2 -j LOG  -log-prefix "SSH REJECT: "
> 
> -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --rcheck 
> --seconds 120 --hitcount 2 -j REJECT --reject-with tcp-reset
> 
> 
>     This works great...EXCEPT it also blocks our own access to the 
> servers if we need to get on them in a short amount of time (less than 
> 120 seconds).  So how can I still implement the above blocking, but 
> allow anything from our different subnets (we have 4) come through 
> without going through that block routine?

The easiest way would be to add a line for each subnet you want to allow
ABOVE the code above:

    -A INPUT -p tcp --sync --dport 22 -s www.xxx.yyy.zzz/aa -j ACCEPT

replacing "www.xxx.yyy.zzz/aa" with each subnet/mask you want to allow.
This would instantly allow ssh access from your network(s) before those
attempts hit the blocking code.  That's what we do.

----------------------------------------------------------------------
- Rick Stevens, Principal Engineer             rstevens internap com -
- CDN Systems, Internap, Inc.                http://www.internap.com -
-                                                                    -
-    Working with Linux is like wrestling with a worthy opponent.    -
-   Working with Windows is like picking on an annoyed child with a  -
-                            loaded handgun.                         -
----------------------------------------------------------------------


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]