Dave Strydom wrote:
> Which brings me back to my original idea, of only allowing your IPs to
> connect to SSH on your servers, and just drop everything else, problem
> solved.
I do something along those lines. At my firewall/router I have a
rule that blocks private IPs (and MS's 169 IP address). Other
addresses are permitted through but all are logged. This script
is on my SSH server for further protection (see below). I used
to do a type of blacklisting (still do) but I haven't had any
new entries since I started using this. BTW, I had a large
number of IPs from China, Korea, Japan, Singapore, Brazil and
a few other Asian countries. So blocking IPs (networks, not
individual IPs) became unmanageable.
Here's what I do (it's been trimmed and I broke the lines with \):
#!/bin/sh
# Must run as root. Only tcp/22 is filtered here; the flush below
# empties every chain of the filter table, so any other INPUT/OUTPUT/
# FORWARD rules have to be re-added after it.

# Allow these sites access to my machine
# (--syn matches only the first packet of a TCP connection;
# -m state --state NEW would do the same job)
permit() {
    # I want to log just the start of the conversation
    /sbin/iptables -A INPUT -s "${1}" -p tcp --dport 22 --syn -j LOG \
        --log-level info --log-prefix "iptables permit: " \
        --log-ip-options
    /sbin/iptables -A INPUT -s "${1}" -p tcp --dport 22 -j ACCEPT
}

# Deny these sites access to my machine
# (no --syn here, so every packet to tcp/22 from a denied source is
# logged, not just the first one)
deny() {
    /sbin/iptables -A INPUT -s "${1}" -p tcp --dport 22 -j LOG \
        --log-level alert --log-prefix "iptables deny: " \
        --log-ip-options
    /sbin/iptables -A INPUT -s "${1}" -p tcp --dport 22 -j DROP
}

# =[ Flush the tables completely ]============================================
/sbin/iptables -F

# =[ Permit list ]============================================================
#permit 127.0.0.0/8    # Local stuff
permit 10.0.0.0/8      # Local stuff
permit 172.16.0.0/12   # Local stuff
permit 192.168.0.0/16  # Local stuff

# =[ Deny list ]==============================================================
# Rules are matched in order, so this catch-all must come last.
deny 0.0.0.0/0         # Deny everyone else

exit 0
--
Linux Home Automation Neil Cherry [EMAIL PROTECTED]
http://home.comcast.net/~ncherry/ (Text only)
http://hcs.sourceforge.net/ (HCS II)
http://linuxha.blogspot.com/ My HA Blog
--
[email protected] mailing list
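As an added example, not part of Neil's post or his script: a small POSIX shell script that summarises the "iptables permit: " / "iptables deny: " lines his LOG rules write to the kernel log, counting hits per source address. Because the deny rule logs every packet and not just the SYN, one port scan produces many lines, which is what makes a per-source summary useful. The log lines below are constructed for the example (same field layout as the iptables LOG target, a few fields trimmed), and the function names count_by_src, hits_from and top_src are my own; where syslog puts kernel messages (/var/log/messages on many systems) is also an assumption.

```shell
#!/bin/sh
# Summarise the "iptables permit: " / "iptables deny: " lines written by the
# LOG rules. count_by_src reads kernel log lines on stdin, e.g. from
# /var/log/messages (assumed location; depends on the syslog configuration).

# Constructed sample log lines for this example, in the field layout the
# iptables LOG target uses (MAC and a few fields trimmed). Not real traffic.
SAMPLE_LOG='Mar  1 10:00:01 gw kernel: iptables deny: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=48 ID=0 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  1 10:00:02 gw kernel: iptables deny: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=48 ID=0 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  1 10:00:03 gw kernel: iptables deny: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 ID=0 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  1 10:00:04 gw kernel: iptables permit: IN=eth1 OUT= SRC=10.0.0.5 DST=10.0.0.1 LEN=60 TTL=64 ID=0 DF PROTO=TCP SPT=33000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  1 10:00:05 gw kernel: iptables deny: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=48 ID=0 DF PROTO=TCP SPT=51236 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0'

# count_by_src PREFIX  -- stdin: log lines; stdout: "COUNT SRC" per source,
# busiest first. PREFIX is "permit" or "deny" (the word used in --log-prefix).
count_by_src() {
    grep "iptables ${1}: " \
    | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' \
    | sort | uniq -c | sort -rn \
    | awk '{ print $1, $2 }'
}

# hits_from PREFIX SRC -- number of PREFIX lines from SRC in SAMPLE_LOG
# (prints 0 when the source never appears)
hits_from() {
    printf '%s\n' "$SAMPLE_LOG" | count_by_src "$1" \
    | awk -v src="$2" '$2 == src { print $1; found = 1 } END { if (!found) print 0 }'
}

# top_src PREFIX -- "COUNT SRC" of the busiest source for PREFIX in SAMPLE_LOG
top_src() {
    printf '%s\n' "$SAMPLE_LOG" | count_by_src "$1" | head -n 1
}

# Stand-alone use: with a log file as argument, report on it; otherwise
# report on the constructed sample.
if [ "$#" -gt 0 ]; then
    for p in deny permit; do
        echo "== $p, busiest sources =="
        count_by_src "$p" < "$1" | head -n 10
    done
else
    echo "Top denied source: $(top_src deny)"
    echo "Hits from 203.0.113.5: $(hits_from deny 203.0.113.5)"
fi
```

Run it as "sh summarise.sh /var/log/messages" (assumed file name and log location) to get the ten busiest denied and permitted sources; the sources that keep showing up under "deny" are the candidates for a network-level block at the router, which is where Neil says he does his blacklisting.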