22 Dec
2005
22 Dec
'05
08:24
I have a problem on one of my servers. A specific host has been attacking my server via ssh for the past 5 hours.
Now it is starting to cost me in bandwidth usage.
How can I set up SuSEFirewall2 to just drop all packets from that specific host? I don't know how to do it with SUSE Firewall but you can do it by hand with iptables: iptables -A INPUT -s ip.address.of.the.attacker -j DROP
From archive, I see that you can add the script in /etc/sysconfig/scripts/SuSEfirewall2-custom in fw_custom_before_port_handling() But I havent tried it yet.
regards, -- Arie Reynaldi Zanahar reymanx at gmail.com http://www.reynaldi.or.id