I don't have these Problems... There are two ways to do this:
1) enable "extensions" flag in the USE line in make.conf and I enable the GEOIP patch for iptables, and also recompile the kernel with the geoip patch, then you can simply do this:

--------
iptables -A INPUT -p tcp -m geoip ! --src-cc US --dport 22 -j REJECT
--------

That way it will not allow any SSH connections to anyone outside your country code.

2) Only allow SSH connections from the IPs you use. For example, we are on a static IP address at our office, so I allow connections to my external servers from that IP address, but when I am at home, I am on a dynamic IP. So I allow access for the entire network that I'm connected to, like:

$IPTABLES -A INPUT -p TCP -s 165.146.0.0/16 --dport 22 -j ACCEPT
$IPTABLES -A OUTPUT -p TCP -s 165.146.0.0/16 --dport 22 -j ACCEPT

The rest of the traffic to port 22, I drop. I find it a hell of a lot easier to allow only what I want to the server and drop everything else, than to try and block every individual that tries to connect to my ssh.

-----Original Message-----
From: Jeremy Brake [mailto:[EMAIL PROTECTED]
Sent: 02 October 2005 11:10 PM
To: [email protected]
Subject: [gentoo-security] [OT?] automatically firewalling off IPs

Hey all,

I'm looking for an app/script which can monitor for failed ssh logins, and block using IPTables for $time after $number of failed logins (an exclusion list would be handy as well) so that I can put a quick stop to these niggly brute-force ssh "attacks" I seem to be getting more and more often.

Anyone have any ideas?

Thanks,
Jeremy B

--
[email protected] mailing list
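As an added example, not from either message in this thread: a Python script that does what Jeremy asks for, counting failed sshd logins per source address inside a sliding time window, honouring an exclusion list (here the 165.146.0.0/16 range from the reply above) and rendering the iptables REJECT rules for the rest. The log lines are constructed sample input in the standard syslog "Failed password" format; the script prints the rules for review rather than executing them.

```python
"""Find SSH brute-force sources in an auth log and emit iptables block rules."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample sshd log lines (not taken from the mailing-list thread).
SAMPLE_LOG = """\
Oct  2 23:10:01 host sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Oct  2 23:10:03 host sshd[4102]: Failed password for root from 203.0.113.7 port 40130 ssh2
Oct  2 23:10:04 host sshd[4103]: Failed password for root from 203.0.113.7 port 40131 ssh2
Oct  2 23:10:09 host sshd[4104]: Failed password for root from 165.146.12.34 port 51000 ssh2
Oct  2 23:10:10 host sshd[4105]: Failed password for root from 165.146.12.34 port 51001 ssh2
Oct  2 23:10:11 host sshd[4106]: Failed password for root from 165.146.12.34 port 51002 ssh2
Oct  2 23:25:00 host sshd[4107]: Failed password for root from 198.51.100.9 port 33000 ssh2
Oct  2 23:40:00 host sshd[4108]: Failed password for root from 198.51.100.9 port 33001 ssh2
Oct  2 23:55:00 host sshd[4109]: Failed password for root from 198.51.100.9 port 33002 ssh2
Oct  2 23:55:01 host sshd[4110]: Accepted publickey for jeremy from 198.51.100.9 port 33003 ssh2
"""

FAILED_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

def parse_failures(log_text, year=2005):
    """Yield (timestamp, ip) per failed-password line; syslog lines carry no year."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, ip_address(m.group(2))

def offenders(log_text, threshold=3, window_seconds=600, exclude=()):
    """IPs with >= threshold failures inside any window, minus excluded networks."""
    window = timedelta(seconds=window_seconds)
    nets = [ip_network(n) for n in exclude]
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    hits = set()
    for ts, ip in parse_failures(log_text):
        if any(ip in n for n in nets):
            continue  # exclusion list: never block our own networks
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            hits.add(str(ip))
    return hits

def block_rules(ips, chain="INPUT", port=22):
    """Render one REJECT rule per offender, inserted ahead of any ACCEPT rules."""
    return [f"iptables -I {chain} -p tcp -s {ip} --dport {port} -j REJECT" for ip in sorted(ips)]

if __name__ == "__main__":
    print("\n".join(block_rules(offenders(SAMPLE_LOG, exclude=["165.146.0.0/16"]))))
```

Expiring a block after $time is the reverse operation: record when each rule was inserted and run the same command with -D once the interval has passed.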
