Filtering IP addresses by domain name
Anže Vidmar
Anze.Vidmar at avtenta.si
Mon Jun 6 13:58:50 UTC 2005
First of all change the port of your SSH server, perhaps give it a large number such as 37854 (juas an example). Just doing this, will reduce your ssh attacks for 99% ;-)
Next, you want to do change following files, to match:
/etc/hosts.deny
ALL:ALL
...and:
/etc/hosts.allow
sshd: IP_of_your_SSH_server
Next, for IP tables do:
iptables -P INPUT DROP
iptables -A INPUT -s IP_of_your_SSH_server --dport your_new_ssh_port -j ACCEPT
This should be bulletproof (in theory), but only changing the ssh port, will reduce your ssh attacks for 99%, you'll see :)
Anze
-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Ryan Golhar
Sent: Monday, June 06, 2005 3:51 PM
To: 'General Red Hat Linux discussion list'
Subject: Filtering IP addresses by domain name
My machines keep getting attacked through ssh nightly. I want to
prevent users from connecting to SSH unless they are coming in through a
specific ISP. Is there a way I can filter a range of IPs based on
provider in iptables?
More information about the redhat-list
mailing list