Mailinglist Archive: opensuse-security (359 mails)

Re: [suse-security] Deny IP address's
  • From: Armin Schoech <armin.schoech@xxxxxx>
  • Date: Tue, 29 Jul 2003 21:47:53 +0000 (GMT)
  • Message-id: <Pine.LNX.4.44.0307292118270.12873-100000@xxxxxxxxxxxxxxxxxxxxx>
Hi Nigel,

> I would like to create a list of IP addresses that should be denied all
> access to my server. I have currently 2 or 3 people making a deliberate
> effort to hack into my SSH port, and so I would like to deny them access to
> it at firewall level, as well as all other ports. I can't seem to find
> information in the Suse documentation on firewall2.
>
--> Usually, one does it the other way around: deny access for
everybody and then selectively allow only those IPs that are permitted
to connect. This has the advantage of securing your server even if the
bad guys change IPs or other people try to attack you.

You should leave FW_SERVICES_EXT_TCP empty and put the allowed SSH
IPs/Nets into FW_TRUSTED_NETS.

Unfortunately, I'm not good at IPTABLES, so I can't tell you which rules
you have to add to reject single IPs. But they would have to go to
/etc/sysconfig/scripts/SuSEfirewall2-custom
Probably in "fw_custom_before_antispoofing()" add something like
(untested):
iptables -I INPUT -j DROP -s IP_to_block

HTH,
Armin

--
Am Hasenberg 26 office: Institut für Atmosphärenphysik
D-18209 Bad Doberan Schloss-Straße 6
Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY
Email: schoech@xxxxxxxxxxxx Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50
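
Added example (not part of the original message, and equally untested against a real SuSEfirewall2): the hook suggested above, extended to read a deny list from a file and validate each entry before it reaches iptables. DENY_LIST, its path, IPTABLES and is_ipv4_or_cidr are names assumed for this sketch; the addresses are constructed.

```shell
# Sketch for /etc/sysconfig/scripts/SuSEfirewall2-custom (added example).
# DENY_LIST, IPTABLES and is_ipv4_or_cidr are names assumed for this example.
#
# Allow-list side, in /etc/sysconfig/SuSEfirewall2 (address is constructed):
#   FW_SERVICES_EXT_TCP=""
#   FW_TRUSTED_NETS="192.0.2.0/24,tcp,22"

DENY_LIST="${DENY_LIST:-/etc/sysconfig/scripts/deny.list}"  # hypothetical path
IPTABLES="${IPTABLES:-iptables}"

# True only for dotted-quad IPv4 with an optional /0-32 prefix, so a stray
# token such as "-F" in the list can never reach iptables as an option.
is_ipv4_or_cidr() {
    addr=${1%%/*}
    case "$1" in */*) pfx=${1#*/} ;; *) pfx=32 ;; esac
    case "$pfx" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Hook named in the message: one DROP rule per valid entry, using the same
# rule the message suggests. List format: one address per line, '#' comments.
fw_custom_before_antispoofing() {
    [ -r "$DENY_LIST" ] || return 0
    while read -r ip rest || [ -n "$ip" ]; do
        case "$ip" in ''|'#'*) continue ;; esac
        if is_ipv4_or_cidr "$ip"; then
            $IPTABLES -I INPUT -j DROP -s "$ip"
        else
            echo "SuSEfirewall2-custom: skipping invalid entry: $ip" >&2
        fi
    done < "$DENY_LIST"
    true
}
```

Setting IPTABLES to a command that only prints its arguments gives a dry run of the rules before the firewall is restarted.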

