Re: Blocking SSH ... BUT...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ashley M. Kirchner wrote:

   Hey all,

I have the following lines in my iptables config file to curb ssh knocking on our servers:

# Let's see if we can curb SSH attacks.
-A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set

-A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --rcheck --seconds 120 --hitcount 2 -j LOG -log-prefix "SSH REJECT: "

-A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --rcheck --seconds 120 --hitcount 2 -j REJECT --reject-with tcp-reset


This works great...EXCEPT it also blocks our own access to the servers if we need to get on them in a short amount of time (less than 120 seconds). So how can I still implement the above blocking, but allow anything from our different subnets (we have 4) come through without going through that block routine?


Allow your subnets before the above rules.  Here's a sample rule:

-A INPUT -s 10.0.0.0/24 -p tcp --dport 22 --syn -j ACCEPT
# subnet    ^^^^^^^^^^^

You'd need one rule for each subnet.

hth


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux