On Wed, 03 Aug 2005 07:22:16 -0500, Lonnie wrote:

> Greeting All,
>
> I have a Fedora 3 server up and running and I have noticed various IPs
> in my logs trying to hack SSH, APACHE, or email for example and even
> though I am running the built-in firewall through the "setup" program, I
> would like to know if there is some additional application that I can
> add that I can blacklist, and whitelist IP from connecting to my server
> at all?
>
> I am sure that there is something out there, but not sure what you might
> recommend?
>
> Thanks all,
> Lonnie

The rules of the firewall are stored in /etc/sysconfig/iptables. You can insert new rules using /sbin/iptables. For instance, if you want to filter out the entire domain 65.54.0.0/255.255.0.0 you would do something like

    /sbin/iptables -I RH-Firewall-1-INPUT 1 -s 65.54.0.0/255.255.0.0 -j DROP

This inserts (-I) in the chain called RH-Firewall-1-INPUT, at position 1 (top of the firewall) the rule which drops (-j DROP) any packet with source address 65.54.x.y (-s 65.54.0.0/255.255.0.0), regardless of which port they're probing (destination port on your machine). By dropping the packets, you'll never hear from those guys ever again, and they won't know you exist. This is just about the simplest but most effective rule you can insert to filter out idiotic brute-force attacks on ssh, etc.

To see your new firewall,

    /sbin/iptables -L -n --line-numbers

When you're happy, save it:

    /sbin/iptables-save > /etc/sysconfig/iptables   # may want to back up the old one first

If you want to load an existing set of rules, use /sbin/iptables-restore or /etc/rc.d/init.d/iptables stop/start.
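Added example, not part of the original reply: a POSIX shell sketch that turns a whitelist file and a blacklist file into the kind of `-I RH-Firewall-1-INPUT` commands shown above, printing them for review instead of running them. The function names and the file format are assumptions made for this example, and entries use the prefix-length form (65.54.0.0/16), which iptables accepts as well as the netmask form used in the reply.

```sh
#!/bin/sh
# Added example (not from the original post): print, without running them,
# the iptables commands for a whitelist file and a blacklist file.
CHAIN=RH-Firewall-1-INPUT        # chain name used in the reply above

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_cidr() {
    case $1 in
        */*) addr=${1%%/*}; prefix=${1#*/} ;;
        *)   addr=$1; prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    set -- $(printf '%s' "$addr" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# emit_rules WHITELIST BLACKLIST: files with one address or CIDR per line;
# blank lines and lines starting with '#' are skipped. ACCEPT rules take the
# first positions so a trusted address inside a blocked range still gets in.
# Returns 1 if any entry was rejected (rejected entries are named on stderr).
emit_rules() {
    pos=1 bad=0
    for pair in "ACCEPT:$1" "DROP:$2"; do
        target=${pair%%:*} file=${pair#*:}
        while read -r entry _rest || [ -n "$entry" ]; do
            case $entry in ''|'#'*) continue ;; esac
            if valid_cidr "$entry"; then
                echo "/sbin/iptables -I $CHAIN $pos -s $entry -j $target"
                pos=$((pos + 1))
            else
                echo "skipped invalid entry: $entry" >&2
                bad=1
            fi
        done < "$file"
    done
    return "$bad"
}

# With two file arguments, print the rules for those files.
if [ $# -eq 2 ]; then emit_rules "$1" "$2"; fi
```

Read the printed commands before running them as root, then check the result with `/sbin/iptables -L -n --line-numbers` and save it as described in the reply.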