Divan Santana wrote:
> A better way would probably be to secure ssh better, perhaps with ssh rate
> limiting or something?
Configure sshd to only allow selected users (and specifically NOT root!), and make sure all allowed users have good passwords. Then install something like fail2ban. fail2ban simply watches your logs, and if you have a number (configurable) of failed login attempts it adds an iptables rule to block connections from that IP for a (configurable) time. Apart from limiting to specific fixed IPs, it's probably about as secure as you'll get it.

I used to regularly get hundreds of connection attempts every day, obvious brute-force attacks; now they simply get blocked by fail2ban and the attacker simply goes somewhere else.

If you still want to filter by IP address, how about filtering by the IP block that home and work are allocated from? It won't stop someone on the same ISP from attacking you (in which case you could complain and get them kicked out), but it will stop the rest of the world.

NB - You may want to read http://www.ossec.net/en/attacking-loganalysis.html and then add a few '$'s to the regexes in the config file.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
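As an added illustration of the two points in the reply above (fail2ban-style counting of failed sshd logins per source IP, and why the filter regexes need a trailing '$'), here is a small Python watcher. It is example code written for this page, not fail2ban's own code and not part of the original post; the log lines, hostnames and IP addresses are constructed, and the `maxretry`/`findtime` names are borrowed from fail2ban's terminology while the implementation is a toy. The spoofed lines assume sshd logs an invalid username verbatim, so an attacker who types the username `root from 198.51.100.5` produces a line containing two `from` fields.

```python
"""Toy fail2ban-style log watcher (added example, not fail2ban code).

Counts 'Failed password' lines per source IP inside a time window and
'bans' the IP once it reaches maxretry failures.  Two filter regexes are
compared: one unanchored, one anchored with ' port N ssh2$'.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines.  198.51.100.5 is the admin's home IP and
# 203.0.113.7 is the attacker.  The attacker logs in with the username
# 'root from 198.51.100.5', so three of the lines contain two 'from'.
SAMPLE_LOG = """\
Jan 10 10:00:01 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Jan 10 10:00:03 gw sshd[1203]: Failed password for invalid user root from 198.51.100.5 from 203.0.113.7 port 40130 ssh2
Jan 10 10:00:05 gw sshd[1205]: Failed password for invalid user root from 198.51.100.5 from 203.0.113.7 port 40141 ssh2
Jan 10 10:00:09 gw sshd[1207]: Accepted publickey for alice from 198.51.100.5 port 50200 ssh2
Jan 10 10:00:12 gw sshd[1209]: Failed password for invalid user root from 198.51.100.5 from 203.0.113.7 port 40150 ssh2
Jan 10 10:00:15 gw sshd[1211]: Failed password for invalid user bob from 198.51.100.9 port 50300 ssh2
"""

# Unanchored: the non-greedy .*? stops at the FIRST ' from ', so a crafted
# username lets the attacker choose which IP the failure is charged to.
NAIVE = re.compile(r"Failed password for .*? from (\S+)")

# Anchored: the pattern can only finish at ' port N ssh2' at end of line,
# so the regex engine must back off until (\S+) captures the LAST IP,
# which is the peer address sshd itself appended.
ANCHORED = re.compile(r"Failed password for .*? from (\S+) port \d+ ssh2$")


def extract_host(line, pattern):
    """Return the IP a filter regex attributes a failed login to, or None."""
    m = pattern.search(line)
    return m.group(1) if m else None


def iptables_rule(ip):
    """The kind of rule fail2ban would add (illustrative form only)."""
    return f"iptables -I INPUT -s {ip} -j DROP"


def find_bans(log, pattern, maxretry=3, findtime=60):
    """Sliding-window counter: ban an IP after maxretry failures within
    findtime seconds.  Returns the banned IPs in the order they tripped."""
    window = timedelta(seconds=findtime)
    failures = defaultdict(list)
    banned = []
    for line in log.splitlines():
        ip = extract_host(line, pattern)
        if ip is None:
            continue
        # syslog timestamp is the first 15 characters: 'Jan 10 10:00:01'
        ts = datetime.strptime(line[:15], "%b %d %H:%M:%S")
        recent = [t for t in failures[ip] if ts - t <= window] + [ts]
        failures[ip] = recent
        if len(recent) >= maxretry and ip not in banned:
            banned.append(ip)
    return banned


if __name__ == "__main__":
    for name, pattern in (("unanchored", NAIVE), ("anchored", ANCHORED)):
        for ip in find_bans(SAMPLE_LOG, pattern):
            print(f"{name}: {iptables_rule(ip)}")
```

Run against the constructed log, the unanchored filter bans the admin's own address (198.51.100.5), which is exactly the attacker's aim, while the anchored filter bans 203.0.113.7. Whatever filter you use, check it against a line whose username contains a fake `from <ip>` before trusting it to pick the right host.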
