Blacklist & Whitelist IPs from server?

Rick Wagner wagnerric at condor.cxo.cpqcorp.net
Wed Aug 3 23:34:12 UTC 2005


On Wednesday 03 August 2005 6:22 am, Lonnie wrote:
> Greeting All,
>
> I have a Fedora 3 server up and running and I have noticed various IPs
> in my logs trying to hack SSH, APACHE, or email for example and even
> though I am running the built-in firewall through the "setup" program, I
> would like to know if there is some additional application that I can
> add that I can blacklist and whitelist IPs from connecting to my server
> at all?
>
> I am sure that there is something out there, but not sure what you might
> recommend?
>

As recommended in another reply, you need to evaluate whether you need ssh 
open through the firewall.  If so, what are your needs?  Is it for your 
personal convenience, or a public service?  If it is for your personal 
convenience (I use it to login to home from work), whitelist only the IPs 
of those systems you use (using iptables), and silently drop the rest.  There 
is always someone new running a port scanner, and you will spend half your 
life maintaining a blacklist.  BTW, port scanners are smart enough to detect 
simply changing the SSH port number, so don't rely on that.

If you will only use a few known systems, disable username/password login in 
sshd_config ("PasswordAuthentication no"), and only allow key login.  This 
will block username guessing.  You will then need to put the public keys from 
your remote systems onto your target system.  Also, disable root login, again 
in sshd_config ("PermitRootLogin no").


Hope this helps.

	--rick

> Thanks all,
> Lonnie
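The two recommendations in Rick's reply (an iptables whitelist that silently drops everyone else, and the sshd_config changes) as a runnable script. This is an added example, not code from the original post or from Fedora: the chain name SSH-WHITELIST, the addresses 203.0.113.10 and 198.51.100.0/24, and the sample sshd_config are all made up for illustration. The config audit goes slightly beyond the post: it reports the value sshd will actually use (the first occurrence of a keyword wins, so a "no" appended at the bottom of the file is ignored if an earlier line says "yes"), and it also checks ChallengeResponseAuthentication, because with that left at "yes" a password prompt can still be offered through keyboard-interactive/PAM even after PasswordAuthentication is set to "no".

```shell
#!/bin/sh
# Added example, not code from the original mailing-list post.
# (1) gen_ssh_whitelist prints iptables commands that accept SSH only from
#     the listed sources and silently DROP the rest.
# (2) check_sshd_config reports whether the hardening keywords are in
#     effect, using sshd's "first occurrence wins" rule.
# Chain name, addresses and the sample config are assumptions for the demo.

# Print (do not apply) the iptables commands for an SSH whitelist.
# Usage: gen_ssh_whitelist 203.0.113.10 198.51.100.0/24 | sh
gen_ssh_whitelist() {
    chain=SSH-WHITELIST            # assumed chain name
    # Create the chain, or flush it if it already exists, so re-running
    # the script never duplicates rules.
    printf 'iptables -N %s 2>/dev/null || iptables -F %s\n' "$chain" "$chain"
    for src in "$@"; do
        printf 'iptables -A %s -s %s -j ACCEPT\n' "$chain" "$src"
    done
    # DROP rather than REJECT: a scanner gets no reply at all.
    printf 'iptables -A %s -j DROP\n' "$chain"
    # Hook only NEW SSH connections into the chain, at the top of INPUT.
    # Established sessions never reach it, so applying the rules does not
    # kill the session you are typing in; an unlisted address still cannot
    # reconnect, so list your own address first.
    printf 'iptables -D INPUT -p tcp --dport 22 -m state --state NEW -j %s 2>/dev/null\n' "$chain"
    printf 'iptables -I INPUT 1 -p tcp --dport 22 -m state --state NEW -j %s\n' "$chain"
}

# Print the effective value of an sshd_config keyword: the first
# uncommented occurrence, or the default given as $3 if it never appears.
# Match blocks are not handled.
sshd_effective() {
    cfg=$1; key=$2; default=$3
    val=$(awk -v k="$key" 'tolower($1)==tolower(k) { print $2; exit }' "$cfg")
    printf '%s\n' "${val:-$default}"
}

# Exit 0 if every hardening keyword is effectively "no", otherwise print
# each offending keyword and exit 1. The sshd default for all three is
# assumed to be "yes", as in the OpenSSH of that era.
check_sshd_config() {
    cfg=$1; rc=0
    for key in PasswordAuthentication PermitRootLogin ChallengeResponseAuthentication; do
        v=$(sshd_effective "$cfg" "$key" yes)
        if [ "$v" != "no" ]; then
            echo "$key is '$v' (want no)"
            rc=1
        fi
    done
    return $rc
}

# Demo on a constructed sshd_config (not a file taken from any real system).
# The trailing "PermitRootLogin no" does not help: the first line wins.
demo=$(mktemp)
cat > "$demo" <<'EOF'
PermitRootLogin yes
#PasswordAuthentication no
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
EOF
if check_sshd_config "$demo"; then
    echo "sshd_config is hardened"
else
    echo "sshd_config still needs work (see above)"
fi
rm -f "$demo"
echo
gen_ssh_whitelist 203.0.113.10 198.51.100.0/24
```

Review the printed rules before piping them to sh, and keep an existing SSH session open until a fresh login from a whitelisted address succeeds. Rules added by hand this way are lost at the next reboot unless you save them (on Fedora, `service iptables save` writes the running rules to /etc/sysconfig/iptables). After editing sshd_config, restart sshd but, again, test key login from a second session before closing the first one.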