Fedora Users — Re: [Fedora] Re: Blocking SSH ... BUT...

Re: [Fedora] Re: Blocking SSH ... BUT...

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: For users of Fedora <fedora-list@xxxxxxxxxx>

Subject: Re: [Fedora] Re: Blocking SSH ... BUT...

From: Mike Wright <mike.wright@xxxxxxxxxxxxxx>

Date: Tue, 18 Sep 2007 12:09:50 -0700

In-reply-to: <46F01C99.4050900@xxxxxxxxxx>

References: <46F01094.9000406@xxxxxxxxxx> <46F016AB.1000601@xxxxxxxxxxxxxx> <46F01C99.4050900@xxxxxxxxxx>

Reply-to: For users of Fedora <fedora-list@xxxxxxxxxx>

User-agent: Mozilla Thunderbird 1.0.2-6 (X11/20050513)

Ashley M. Kirchner wrote:

Mike Wright wrote:

Allow your subnets before the above rules.  Here's a sample rule:

-A INPUT -s 10.0.0.0/24 -p tcp --dport 22 --syn -j ACCEPT
# subnet    ^^^^^^^^^^^

You'd need one rule for each subnet.

hth



   Awesome Mike, that worked like a charm.  Thanks!


Very welcome.

Somewhat related question: would the same rules work for ftp attacksas well? Obviously replacing the port number with 21, but would theywork? Duplicate the lines, replace port and hope that ftp also getscurbed the same way?

I think so. I know that there are connection tracking issues with ftpbut I don't think that applies here. Each connection starts with aninitial NEW packet.