Hi Nigel,
I would like to create a list of IP addresses that should be denied all access to my server. I have currently 2 or 3 people making a deliberate effort to hack into my SSH port, and so I would like to deny them access to it at firewall level, as well as all other ports. I can't seem to find information in the Suse documentation on firewall2.
--> Usually, one does it the other way around: deny access for everybody and then allow selectively only those IPs that are allowed to connect. This has the advantage of securing your server even if the bad guys change IPs or other people try to attack you. You should leave FW_SERVICES_EXT_TCP empty and put the allowed SSH IPs/Nets into FW_TRUSTED_NETS.

Unfortunately, I'm not good at IPTABLES, so I can't tell you which rules you have to add to reject single IPs. But they would have to go to /etc/sysconfig/scripts/SuSEfirewall2-custom. Probably in "fw_custom_before_antispoofing()" add something like (untested):

    iptables -I INPUT -j DROP -s IP_to_block

HTH,
Armin
--
Am Hasenberg 26                 office: Institut für Atmosphärenphysik
D-18209 Bad Doberan                     Schloss-Straße 6
Tel. ++49-(0)38203/42137                D-18225 Kühlungsborn / GERMANY
Email: schoech@iap-kborn.de             Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/             Fax. +49-(0)38293-68-50
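
An added example, not part of the original message: one way to feed a list of blocked addresses to the iptables rule suggested above, validating each entry before it reaches the firewall. The function names valid_ipv4 and block_from_file and the one-address-per-line file format are assumptions made for this sketch; calling block_from_file from fw_custom_before_antispoofing() is likewise untested here.

```shell
#!/bin/sh
# Added example, not from the original thread. Dry run by default: the
# commands are only echoed. Set IPTABLES=iptables when sourcing this from
# the custom hook file as root.
IPTABLES="${IPTABLES:-echo iptables}"

# Succeeds if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr          # split the address into four octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read one address or network per line from file $1 (blank lines and "#"
# comments are skipped) and insert a DROP rule for each valid entry.
# Invalid lines are reported on stderr and never passed to iptables.
block_from_file() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s\n' "${line%%#*}" |
                sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$entry" ] || continue
        if valid_ipv4 "$entry"; then
            $IPTABLES -I INPUT -s "$entry" -j DROP
        else
            echo "skipping invalid entry: $entry" >&2
            rc=1
        fi
    done < "$1"
    return $rc
}

# Constructed sample list (documentation address ranges), run as a dry run.
sample=$(mktemp)
printf '%s\n' '# repeated SSH login attempts' '192.0.2.15' \
    '198.51.100.0/24   # whole network' '203.0.113.300' > "$sample"
block_from_file "$sample" || echo "some entries were rejected" >&2
rm -f "$sample"
```

Because every rule is inserted with -I, the most recently listed address ends up first in the INPUT chain, ahead of the rules SuSEfirewall2 adds itself.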