On Fri, Apr 19, 2013 at 02:13:46PM -0700, Fred Maillou wrote:
> Hello,
>
> sshguard detects brute force attacks and blocks IPs according to a
> certain algorithm. For it to work it needs a rule:
>
> iptables -N sshguard
> iptables -A INPUT -j sshguard
>
> And so in Shorewall's started.d/ I created a file and added;
>
> #!/bin/bash
> iptables -N sshguard
> iptables -I INPUT 1 -j sshguard
>
> Which makes this rule the first one, after which the Shorewall rules are
> defined.
>
> Is this the right way to add such a rule ? When a packet enters it will
> go to sshguard. If the packet is not concerned by any rule in there, will
> it go back to the first Shorewall INPUT rule ?
>
> Thanks for suggestions/comments !

Tom already noted that there is no started.d/ directory for Shorewall.

However, I will add that the "right" solution is to disable password login for ssh, and allow only key-based authentication. That makes it effectively impossible for a brute force attack to succeed.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
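
The key-only setup recommended in the reply can be verified mechanically. The following is an added example, not part of the original message: a shell function that reads effective sshd settings in the format printed by `sshd -T` and flags anything that still permits a password prompt. The function name and the sample inputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): check whether an sshd configuration
# still allows password-style logins. Input on stdin is the effective config
# as printed by `sshd -T`: one lowercase "keyword value" pair per line.

audit_sshd_auth() {
    awk '
        { opt[$1] = tolower($2) }
        END {
            bad = 0
            # OpenSSH enables this by default, so anything but "no" fails.
            if (opt["passwordauthentication"] != "no") {
                print "FAIL passwordauthentication"; bad = 1
            }
            # keyboard-interactive (typically PAM) can still prompt for a
            # password; older releases call it challengeresponseauthentication.
            kbd = ("kbdinteractiveauthentication" in opt) \
                ? opt["kbdinteractiveauthentication"] \
                : opt["challengeresponseauthentication"]
            if (kbd != "no") { print "FAIL kbdinteractiveauthentication"; bad = 1 }
            # Keys must stay enabled, otherwise nobody can log in at all.
            if (opt["pubkeyauthentication"] == "no") {
                print "FAIL pubkeyauthentication"; bad = 1
            }
            if (!bad) print "OK key-only"
            exit bad
        }'
}

# Constructed sample: password and keyboard-interactive both off.
SAMPLE_HARDENED='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes'

# Constructed sample: only PasswordAuthentication was switched off.
SAMPLE_PARTIAL='passwordauthentication no
kbdinteractiveauthentication yes
pubkeyauthentication yes'

printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd_auth
printf '%s\n' "$SAMPLE_PARTIAL" | audit_sshd_auth \
    || echo "password prompts still reachable"
```

On a live host the same function can be fed from `sshd -T | audit_sshd_auth`, run as root so sshd can read its configuration and host keys.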
