Re: Blacklist & Whilelist IP's from server?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 03 Aug 2005 07:22:16 -0500, Lonnie wrote:

> Greeting All,
> 
> I have a Fedora 3 server up and running and I have noticed various IP's 
> in my logs trying to hack SSH, APACHE, or email for example and even 
> though I am running the built-in firewall through the "setup" program, I 
> would like to know if there is some additional application that I can 
> add that I can blacklist, and whilelist IP from connecting to my server 
> at all?
> 
> I am sure that there is something out there, but not sure what you might 
> recommend?
> 
> Thanks all,
> Lonnie

The rules of the firewall are stored in /etc/sysconfig/iptables.
You can insert new rules using /sbin/iptables. 

For instance, if you want to filter out the entire domain
65.54.0.0/255.255.0.0 you would do something like

/sbin/iptables -I RH-Firewall-1-INPUT 1 -s 65.54.0.0/255.255.0.0 -j DROP

This inserts (-I) in the chain called RH-Firewall-1-INPUT, at position 1
(top of the filrewall) the rule which drops (-j DROP) any packet with
source address 65.54.x.y (-s 65.54.0.0/255.255.0.0), regardless which
port they're probing (destination port on your machine). By dropping the
packets, you'll never hear from those guys ever again, and they won't know
you exist. 

This is just about the simplest but most effective rule you can insert to
filter out idiotic brute-force attacks on ssh, etc.

To see your new firewall,

/sbin/iptables -L -n --line-numbers

When you're happy, save it:

/sbin/iptables-save > /etc/sysconfig/iptables     #may want to back up the
old one first.

If you want to load an existing set of rules, use /sbin/iptables-restore
or /etc/rc.d/init.d/iptables stop/start.




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux