Guy Fraser wrote:
> I would tend to concur with this method.
> Use iptables to block those you wish to absolutely block, and
> use 'hosts.allow' to track all activity that is allowed through
> iptables. As an example I allow some connections through the
> firewall for ssh access, but then use additional restrictions

I do similarly: I allow unrestricted access from places (in Australia) I
know I might use. I rate-limit access from other places, to prevent
password enumeration.

I also run a vpn (openvpn) from my laptop for those times I get caught
out (and for better access to home and work).

> in 'hosts.allow' and log all successful as well as unsuccessful
> access attempts. I have a system that checks the logs and filters
> out normal activity, then emails all other activity for analysis.

As someone once said, divide then conquer.
--
Cheers
John
Please do not reply off-list
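
The log check described in the quoted message (filter out normal activity, report everything else), sketched as an added example; it is not code from either poster. The trusted network, the sample log lines and the function names are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
Mar  3 09:12:01 gw sshd[2101]: Accepted publickey for john from 192.0.2.10 port 50522 ssh2
Mar  3 09:40:17 gw sshd[2130]: Failed password for root from 203.0.113.7 port 40110 ssh2
Mar  3 09:40:19 gw sshd[2130]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 10:02:44 gw sshd[2188]: Accepted password for john from 198.51.100.23 port 61234 ssh2
Mar  3 10:15:00 gw sshd[2190]: refused connect from 203.0.113.99 (203.0.113.99)
"""

# Assumption: networks the admin normally logs in from.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# sshd auth results, plus the "refused connect" line tcp wrappers
# writes when hosts.allow/hosts.deny rejects a client.
EVENT_RE = re.compile(
    r"sshd\[\d+\]: (?:(?P<result>Accepted|Failed) \S+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+)|refused connect from (?P<rip>\S+))"
)

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def unusual_events(log_text):
    """Return (result, user, ip) for everything except normal logins."""
    events = []
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        if m.group("rip"):
            events.append(("refused", "-", m.group("rip")))
        elif m.group("result") == "Accepted" and is_trusted(m.group("ip")):
            continue  # normal activity: filtered out of the report
        else:
            events.append((m.group("result").lower(), m.group("user"), m.group("ip")))
    return events

def build_report(events):
    """Summarise events per source address; this text is what gets mailed."""
    counts = Counter((ip, result) for result, _user, ip in events)
    return "\n".join(f"{ip} {result} x{n}" for (ip, result), n in sorted(counts.items()))

if __name__ == "__main__":
    print(build_report(unusual_events(SAMPLE_LOG)))
```

A successful login from outside the trusted networks stays in the report, since an accepted password from an unexpected source is the event most worth a second look.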