On Saturday 07 May 2005 05:57 pm, Marko Vojinovic wrote:
> On Saturday 07 May 2005 02:09, P. Thompson wrote:
> > On Wed, 4 May 2005, Daniel B. Thurman wrote:
> > > Folks,
> > >
> > > Seems that I am getting daily brute-force ssl attacks --
> > > Anything I can or should do?
> >
> > I wrote a little script that adds an iptables rule to drop the attacking
> > ip address for an hour then remove the block. An hour might be overkill,
> > but they never come back from the same address.
> >
> > It does not block on false users from IP ranges I normally come in from
> > so if I fat-finger my login I'm not screwed for an hour.
> >
> > I keep my sshd unblocked because I periodically ssh in from previously
> > unknown quarters and want that flexibility.
>
> Is there an easy way to manually block a specific IP? I would like to be
> able to block and unblock a couple of IPs when I see fit, but since I am a
> beginner, man iptables seems far too techy for me. Is there a recipe for
> this?
>
> Also, are you willing to share your script with us (I guess I could learn
> from it)?
>
> Best regards,
> Marko

From the xterm, kterm, terminal, as root

1) iptables -I INPUT -s xxx.xxx.xxx.xxx/32 -j DROP   # inserts the rule at the beginning.
   ( -A instead of -I places the rule at the end and probably won't block the
   address since it most likely fits another rule.)

2) iptables -D INPUT -s xxx.xxx.xxx.xxx/32 -j DROP   # removes the matching rule
   ( -R instead of -D replaces the rule.)

-I = insert
-A = append
-D = delete
-R = replace

see man iptables

--
John H Ludwig
Common sense is so rare, why do they call it common!!!
Manual customization of this file is not recommended, BUT WILL BE DONE!!!
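
The script P. Thompson describes in the quoted text (drop an offending address for an hour, skip ranges you normally log in from) is not shown in the thread. The following is an added example of that idea, not his script or anything posted to the list. The trusted prefixes, threshold, OpenSSH "Failed password" log format and sample addresses are assumptions, and it prints the iptables commands instead of running them.

```sh
#!/bin/sh
# Added example, not from the thread. TRUSTED, THRESHOLD and the log are assumed.
TRUSTED="192.0.2. 198.51.100."  # prefixes you normally log in from (constructed)
THRESHOLD=3                     # failed logins before an address is blocked

# Constructed sshd log lines using documentation-range addresses.
sample_log() {
cat <<'EOF'
May  7 02:01:10 host sshd[411]: Failed password for invalid user admin from 203.0.113.5 port 4011 ssh2
May  7 02:01:12 host sshd[411]: Failed password for invalid user test from 203.0.113.5 port 4012 ssh2
May  7 02:01:15 host sshd[411]: Failed password for root from 203.0.113.5 port 4013 ssh2
May  7 02:03:40 host sshd[415]: Failed password for alice from 192.0.2.44 port 5100 ssh2
May  7 02:03:44 host sshd[415]: Failed password for alice from 192.0.2.44 port 5101 ssh2
May  7 02:03:49 host sshd[415]: Failed password for alice from 192.0.2.44 port 5102 ssh2
May  7 02:09:02 host sshd[420]: Failed password for root from 203.0.113.77 port 6000 ssh2
May  7 02:10:00 host sshd[421]: Accepted password for alice from 192.0.2.44 port 5103 ssh2
EOF
}

# Read sshd log lines on stdin; print untrusted addresses at or over THRESHOLD.
# The user name is chosen by the remote client, so the address is taken by
# position from the end of the line and must look like a dotted quad.
offenders() {
    awk -v min="$THRESHOLD" -v trusted="$TRUSTED" '
        BEGIN { n = split(trusted, pfx, " ") }
        /sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            for (i = 1; i <= n; i++) if (index(ip, pfx[i]) == 1) next
            count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip }
    ' | sort
}

# Print (do not run) the block and one-hour unblock commands, using the
# -I / -D forms from the post; "at" schedules the removal.
block_cmds() {
    offenders | while read -r ip; do
        echo "iptables -I INPUT -s $ip/32 -j DROP"
        echo "echo 'iptables -D INPUT -s $ip/32 -j DROP' | at now + 1 hour"
    done
}

sample_log | block_cmds
```

To use it on a real host, feed the system's sshd log to block_cmds in place of sample_log, review the output, and run it as root; the scheduled removal needs the at daemon running.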