[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Filtering IP addresses by domain name



First of all change the port of your SSH server, perhaps give it a large number such as 37854 (juas an example). Just doing this, will reduce your ssh attacks for 99% ;-)

Next, you want to do change following files, to match:

/etc/hosts.deny
ALL:ALL


...and:

/etc/hosts.allow
sshd: IP_of_your_SSH_server


Next, for IP tables do:

iptables -P INPUT DROP
iptables -A INPUT -s IP_of_your_SSH_server --dport your_new_ssh_port -j ACCEPT

This should be bulletproof (in theory), but only changing the ssh port, will reduce your ssh attacks for 99%, you'll see :)

Anze


-----Original Message-----
From: redhat-list-bounces redhat com [mailto:redhat-list-bounces redhat com] On Behalf Of Ryan Golhar
Sent: Monday, June 06, 2005 3:51 PM
To: 'General Red Hat Linux discussion list'
Subject: Filtering IP addresses by domain name

My machines keep getting attacked through ssh nightly.  I want to
prevent users from connecting to SSH unless they are coming in through a
specific ISP.  Is there a way I can filter a range of IPs based on
provider in iptables?



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]