Danesh Daroui wrote:
Hi all,
I set up an SSH server a few weeks ago. During these weeks my server has been under very, very intensive brute force attacks (I have no idea how these bastards found my address). I would like to:
1. Disable ping. (I actually have added a rule to iptables to drop all ping packets, but it still responds to it!)
2. Ban some known IP addresses, namely those addresses which have already been used for attacks.
3. Ban an IP address which tries to log in with a wrong username or password more than three times.
Any help will be appreciated. I would also like to know whether iptables is the only way to perform these tasks or whether there are other ways to do so. I am using a P4 PC with one network card and OpenSuSE 10.3 installed.
Thanks,
Danesh
Hi Danesh,

Last week my old and trusted firewall crashed its disk. It has been running since 2005 non-stop with SuSE Linux 9.3. At that time there was little YaST (or none, I can't recall any more) for the firewall, and I worked with the config file directly. After a while I thought I knew how it works, until last week ...

I built a new firewall with new hardware and OpenSuSE 10.3. OpenVPN was needed too. Not knowing any more how all was configured in 2005 (Alzheimer's greetings), I started doing it the same way as before. Then I also noticed a lot of these brute force attacks on 3 firewalls. DenyHosts was recommended by a friend who also programs in Python. I will install it as well.

On SuSEfirewall2: Not knowing how IP filters work, it was not clear to me what exactly is happening in my firewall. I learnt to list the kernel IP table (iptables -nL), and was totally clueless about what I saw there and how all this works. A friend came over and gave me 2-3 hours of tutoring on kernel IP filtering while we wrote a complete script for my network with a VPN included in the rules. Since then I prefer to do a script by myself, because now I understand better how to configure a 'firewall' with iptables.

Do yourself a favour; learn how IP filters work and write your own iptables rules script. I'm a beginner, but it took me a day to get the basics, and with help I got a solid script for my situation working. BUT do not be mistaken, IP filtering is very complicated at some levels, but a basic firewall is not so hard. I disabled my SuSEfirewall2, just using my filter rules in a script file.

The first things to do, e.g., are to clean the iptables and set the built-in chains to default to drop (not reject) all packets as a start:

#!/bin/bash
# flush all rules in the nat and filter tables (built-in and user-defined chains)
iptables -t nat -F
iptables -t filter -F
# delete the now-empty user-defined chains
iptables -t nat -X
iptables -t filter -X
# set default policy for built-in chains to drop
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
....
#### Variables ####
....
#### Rules ####
....
# then only open the needed ports and allow only the needed protocols
# Here I have about 40 lines of rules.

I will now start learning more, to get to grips with the more complex parts of IP filters, because we are building a network with external access over OpenVPN to a LAMP-based ERP system in house for our service personnel. Maybe someone could suggest a good IP filters document for dummies as a first how-to; then the more complicated how-tos will make more sense.

HTH
Al

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
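An added example, not code from Danesh or Al, that extends Al's clean-and-drop skeleton with the three things Danesh asked for: dropping ping, blocking known addresses, and throttling repeated SSH connection attempts with the iptables recent module. It assumes eth0 as the only interface, SSH on port 22, and constructed placeholder addresses in BAD_HOSTS; without --apply it only prints the rules it would load.

```shell
#!/bin/bash
# Added example (not Danesh's or Al's code): Al's skeleton extended with the three
# things Danesh asked for. Assumed: eth0, SSH on port 22, placeholder addresses.
# Without --apply the rules are only printed; run as root with --apply to load them.
IFACE="eth0"
SSH_PORT=22
BAD_HOSTS="192.0.2.10 198.51.100.0/24"   # constructed placeholders (RFC 5737), not real attackers
MODE="print"
[ "${1:-}" = "--apply" ] && MODE="apply"

ipt() {
    # Print the rule in print mode, execute it in apply mode
    if [ "$MODE" = "apply" ]; then iptables "$@"; else printf 'iptables %s\n' "$*"; fi
}

build_rules() {
    # Start clean as in Al's script: flush rules, delete user chains, default to DROP
    ipt -t filter -F
    ipt -t filter -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT    # looser than Al's OUTPUT DROP so outbound updates keep working
    # Loopback and replies to connections this host opened
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Task 2: drop everything from the known attacker addresses
    for host in $BAD_HOSTS; do
        ipt -A INPUT -s "$host" -j DROP
    done

    # Task 1: drop ping requests only; rule order matters, an earlier ACCEPT for
    # icmp (e.g. one left behind by SuSEfirewall2) would win and the host keeps answering
    ipt -A INPUT -p icmp --icmp-type echo-request -j DROP

    # Task 3: at most 3 new SSH connections per source address within 60 s; the 4th
    # is dropped. This counts connection attempts, not failed logins.
    ipt -A INPUT -i "$IFACE" -p tcp --dport "$SSH_PORT" -m state --state NEW \
        -m recent --name ssh --set
    ipt -A INPUT -i "$IFACE" -p tcp --dport "$SSH_PORT" -m state --state NEW \
        -m recent --name ssh --update --seconds 60 --hitcount 4 -j DROP
    ipt -A INPUT -i "$IFACE" -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
}

build_rules
```

The recent-module rule throttles new connections per source rather than failed logins, so DenyHosts (mentioned above) remains the tool for banning an address after three bad passwords. For ping alone, the kernel setting net.ipv4.icmp_echo_ignore_all=1 via sysctl is an alternative that does not involve iptables at all.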