Re: [Fedora] Re: Blocking SSH ... BUT...

Ashley M. Kirchner wrote:
Mike Wright wrote:
Allow your subnets before the above rules.  Here's a sample rule:

-A INPUT -s 10.0.0.0/24 -p tcp --dport 22 --syn -j ACCEPT
# subnet    ^^^^^^^^^^^

You'd need one rule for each subnet.

hth

   Awesome Mike, that worked like a charm.  Thanks!

Somewhat related question: would the same rules work for ftp attacks as well? Obviously replacing the port number with 21, but would they work? Duplicate the lines, replace port and hope that ftp also gets curbed the same way?

Ashley, try a combination of fail2ban and denyhosts.

--
 21:50:04 up 2 days,  9:07,  0 users,  load average: 0.92, 0.37, 0.18
---------------------------------------------------------
Lic. Martín Marqués         |   SELECT 'mmarques' ||
Centro de Telemática        |       '@' || 'unl.edu.ar';
Universidad Nacional        |   DBA, Programador,
    del Litoral             |   Administrador
---------------------------------------------------------

