On Saturday 07 May 2005 02:09, P. Thompson wrote: > On Wed, 4 May 2005, Daniel B. Thurman wrote: > > Folks, > > > > Seems that I am getting daily brute-force ssl attacks -- > > Anything I can or should do? > > I wrote a little script that adds an iptables rule to drop the attacking > ip address for an hour then remove the block. An hour might be overkill, > but they never come back from the same address. > > It does not block on false users from IP ranges I normally come in from so > if I fat-finger my login I'm not screwed for an hour. > > I keep my sshd unblocked because I periodically ssh in from previously > unknown quarters and want that flexibility. Is there an easy way to manually block a specific IP? I would like to be able to block and unblock a couple of IPs when I seem fit, but since I am a begginer man iptables seems far too techy for me. Is there a recipe for this? Also, are you willing to share your script with us (I guess I could learn from it)? Best regards, Marko
