On Wed, 2005-03-23 at 07:30 -0700, Michael Marsh wrote:
> I have a hardware firewall that forwards incoming connections on port 80
> to port 22 (I can't ssh to my home box from work if I don't use port 80
> since all other outgoing ports are blocked). I am trying to build an
> additional iptables firewall on my Linux box which sits behind the
> router. Obviously port 80 is open to the world and the world thinks it
> is an http port, so I am getting a lot of hack attempts. Is there a way to
> identify any non-ssh packets and stop them in their tracks? This is
> tricky since my own ssh connection will travel to port 80 and is then
> forwarded to port 22 behind the router. Are TCP packets identified by
> port number or service type or both? Thanks in advance... I need a
> little education.
>

You can limit to a valid source IP range. I would also use swatch to whack hackers at the first attempt. Swatch is a log watcher that can run a script when a pattern is matched (among other things).

If you are new to IPTables, I recommend using webmin as a gui.

-- 
________________________________________________________________________
Kill Spam at the Source: http://www.TQMcube.com/spam_trap.htm
Today's Spam Trap Adds: http://www.TQMcube.com/BlockedToday
RBLDNSD HowTo: http://www.TQMcube.com/rbldnsd.htm
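The two suggestions in the reply, restricting the ssh port to a trusted source range and letting a log watcher react to failed logins, can be illustrated with a small script. This is an added example, not swatch itself and not code from either poster: it scans constructed sshd log lines, counts failed logins per source address, skips anything inside a hypothetical trusted range (standing in for the work network the poster connects from), and returns the iptables commands a watcher's action script might run. Because the router rewrites port 80 to port 22 before the packet reaches the Linux box, the rules match on destination port 22 on the box itself. The rule strings are returned, not executed.

```python
"""Minimal log-watcher illustration (added example, not swatch): find sshd
failed logins, ignore trusted sources, and build iptables DROP rules."""
import ipaddress
import re
from collections import Counter

# OpenSSH "Failed password" line, with or without "invalid user".
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+) port \d+"
)

# Constructed sample of auth-log content (addresses are documentation ranges).
SAMPLE_LOG = """\
Mar 23 07:31:02 homebox sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 23 07:31:05 homebox sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 23 07:31:09 homebox sshd[2203]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar 23 07:32:41 homebox sshd[2210]: Failed password for mmarsh from 198.51.100.20 port 40011 ssh2
Mar 23 07:32:50 homebox sshd[2210]: Accepted publickey for mmarsh from 198.51.100.20 port 40011 ssh2
Mar 23 07:33:12 homebox sshd[2215]: Failed password for invalid user test from 192.0.2.99 port 33001 ssh2
"""

# Hypothetical trusted source range (e.g. the office network); an assumption for the example.
TRUSTED = [ipaddress.ip_network("198.51.100.0/24")]


def failed_logins(log_text):
    """Count failed-login attempts per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts


def is_trusted(ip, trusted=TRUSTED):
    """True if ip falls inside any trusted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in trusted)


def offenders(log_text, threshold=1, trusted=TRUSTED):
    """Sorted source IPs with at least `threshold` failures outside the trusted ranges.
    threshold=1 mirrors the reply's "at the first attempt"."""
    return sorted(
        ip for ip, n in failed_logins(log_text).items()
        if n >= threshold and not is_trusted(ip, trusted)
    )


def drop_rules(ips, port=22):
    """iptables commands an action script could run for each offender (strings only)."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP" for ip in ips]


def allow_only_rules(trusted=TRUSTED, port=22):
    """Static rules limiting the forwarded ssh port to the trusted source ranges."""
    rules = [f"iptables -A INPUT -s {net} -p tcp --dport {port} -j ACCEPT" for net in trusted]
    rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    for rule in allow_only_rules() + drop_rules(offenders(SAMPLE_LOG)):
        print(rule)
```

With a real log file, `failed_logins` would be fed the file's contents instead of `SAMPLE_LOG`; the trusted-range check is what keeps the poster's own failed typo from locking them out of their home box.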