Mailinglist Archive: opensuse-security (359 mails)

< Previous Next >
Re: [suse-security] Deny IP address's
  • From: keith@xxxxxxxxxxxxxxxxxxxxxxxx
  • Date: Tue, 29 Jul 2003 23:23:22 +0000 (GMT)
  • Message-id: <Pine.LNX.4.44.0307292255300.1086-100000@xxxxxxxxxxx>

Nigel Gaylard wrote:

>Hi All
>
>I would like to create a list of IP address's that should be denied all
>access to my server. I have currently 2 or 3 people making a deliberate
>effort to hack into my SSH port, and so I would like to deny them access to
>it at firewall level, as well as all other ports.

The following may do the trick and log and drop all attacks
coming in through the INPUT chain, FROM THE SPECIFIED IP
ADDRESSES ONLY.

You should be able to add this to your existing Firewall
rules.

i.e. don't clear what you already have in IPtables rules.

Just make this into an executable script and run it WITHOUT
flushing your current rules.

==================================================
THIS IS JUST A QUICK FIX - MAY NEED TO BE MODIFIED
** TEST FIRST AND USE AT YOUR OWN RISK!!! **
==================================================

(Replace ip.address(n).to.block with the known IP address
of each suspected attacker).

# Log attack attempts from know IP address1
IPTABLES -A INPUT -s ip.address1.to.block -j LOG \
--log-prefix 'DROPPED PKTS FROM ip.address1.to.block '

# drop ALL packets from this address1
IPTABLES -A INPUT -s ip.address1.to.block -j DROP


# Log attack attempts from know IP address2
IPTABLES -A INPUT -s ip.address2.to.block -j LOG \
--log-prefix 'DROPPED PKTS FROM ip.address2.to.block '

# drop ALL packets from this address2
IPTABLES -A INPUT -s ip.address2.to.block -j DROP


# Log attack attempts from know IP address3
IPTABLES -A INPUT -s ip.address3.to.block -j LOG \
--log-prefix 'DROPPED PKTS FROM ip.address3.to.block '

# drop ALL packets from this address3
IPTABLES -A INPUT -s ip.address3.to.block -j DROP


see man iptables for more information if required.


HTH - Keith Roberts









< Previous Next >
This Thread