On 8/31/06, JeeBee <JeeBee@xxxxxxxxxxxx> wrote:
I just had the same problem. I wanted to block an ip that is constantly doing a dictionary attack on my system. This is the situation before: /etc/hosts.allow: ALL : <some trusted domains here> sshd : ALL /etc/hosts.deny: ALL : ALL The only way I could see to add this ip address I want to block is to change sshd:ALL in hosts.allow to sshd:ALL EXCEPT 1.2.3.4. If I sould add sshd:1.2.3.4 to hosts.deny, this would totally be ignored. Perhaps it would be more neat to remove sshd:ALL from hosts.allow and to remove ALL:ALL from hosts.deny. Then I could say sshd:1.2.3.4 in hosts.deny. However, what more will be allowed then? The ALL:ALL in hosts.deny blocks a lot more of course. Still, I have the feeling that ALL EXCEPT <long lists of untrusted ips here> is not the way to go. Can anybody tell me how this should be done?
Hey, A script which automatically blocks the offending ips. Please read the documentation for more information regarding this. http://denyhosts.sourceforge.net/ Regards Ankush Grover