[Fedora] Re: Blocking SSH ... BUT...
Martin Marques
martin at bugs.unl.edu.ar
Tue Sep 18 20:21:06 UTC 2007
Ashley M. Kirchner wrote:
> Mike Wright wrote:
>> Allow your subnets before the above rules. Here's a sample rule:
>>
>> -A INPUT -s 10.0.0.0/24 -p tcp --dport 22 --syn -j ACCEPT
>> # subnet ^^^^^^^^^^^
>>
>> You'd need one rule for each subnet.
>>
>> hth
>
> Awesome Mike, that worked like a charm. Thanks!
>
> Somewhat related question: would the same rules work for ftp attacks
> as well? Obviously replacing the port number with 21, but would they
> work? Duplicate the lines, replace port and hope that ftp also gets
> curbed the same way?
Ashley, try a combination of fail2ban and denyhosts.
--
21:50:04 up 2 days, 9:07, 0 users, load average: 0.92, 0.37, 0.18
---------------------------------------------------------
Lic. Martín Marqués | SELECT 'mmarques' ||
Centro de Telemática | '@' || 'unl.edu.ar';
Universidad Nacional | DBA, Programador,
del Litoral | Administrador
---------------------------------------------------------
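
The ordering advice quoted in this message (allow each trusted subnet before the blocking rules, one rule per subnet and port) can be checked mechanically. The script below is an added example, not part of the original thread; the `recent`-module rate-limit rules, the second subnet and the function names are assumptions, since the thread's own blocking rules are not shown on this page.

```shell
#!/bin/sh
# Added example. The rate-limiting rules in sample_ruleset are assumed;
# the thread's own "above rules" are not shown on this page.

# emit_allow_rules PORT SUBNET...
# One ACCEPT per subnet, in the form of the sample rule quoted in the thread.
emit_allow_rules() {
    port=$1; shift
    for net in "$@"; do
        printf '%s\n' "-A INPUT -s $net -p tcp --dport $port --syn -j ACCEPT"
    done
}

# misordered_allows PORT   (reads iptables-save style rules on stdin)
# A packet's fate is decided by the first matching rule with a terminating
# target (ACCEPT, DROP, ...), so a subnet ACCEPT only helps if it precedes
# the other INPUT rules for that port. Prints the source of every subnet
# ACCEPT that comes too late. Only rules naming --dport PORT are considered.
misordered_allows() {
    awk -v port="$1" '
        $1 == "-A" && $2 == "INPUT" {
            dport = ""; src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (dport != port) next
            if (target == "ACCEPT" && src != "") { if (late) print src } else { late = 1 }
        }'
}

# Constructed ruleset: 10.0.0.0/24 is allowed early, 192.168.5.0/24 too late.
sample_ruleset() {
    emit_allow_rules 22 10.0.0.0/24
    emit_allow_rules 21 10.0.0.0/24
    printf '%s\n' "-A INPUT -p tcp --dport 22 --syn -m recent --name sshlimit --set"
    printf '%s\n' "-A INPUT -p tcp --dport 22 --syn -m recent --name sshlimit --rcheck --seconds 60 --hitcount 4 -j DROP"
    emit_allow_rules 22 192.168.5.0/24
}

# Report subnet ACCEPT rules for port 22 that sit after the blocking rules.
sample_ruleset | misordered_allows 22
```

To check a live configuration, feed the output of `iptables-save` to `misordered_allows` instead of the constructed ruleset.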