Difference between revisions of "Linux ipblock"
From John Freier
| Line 30: | Line 30: | ||
iptables -I INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource | iptables -I INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource | ||
iptables -I INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 180 --hitcount 4 --name DEFAULT --rsource -j DROP | iptables -I INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 180 --hitcount 4 --name DEFAULT --rsource -j DROP | ||
| + | |||
| + | http://www.digitalsanctuary.com/tech-blog/debian/using-iptables-to-prevent-ssh-brute-force-attacks.html | ||
Revision as of 11:55, 20 July 2015
Contents
Why Block IP Addresses
When running my server I found in the logs that I was getting a lot of users that were just scanning my server for openings. So I decided to start blocking IP Addresses.
Fedora Block IP Addresses IPTable
This is a way of blocking IP Addresses in Fedora.
This command will add an IP Address to the blocked list.
# iptables -A INPUT -s 65.55.44.100 -j DROP
This command shows all the iptable references.
# iptables -L
This will remove and IP Address from the IPTable rules. (untested)
# iptables -D INPUT -s xx.xxx.xx.xx -j DROP
Fedora Block PORTS from the out side
This will block ports from outside connections.
# iptables -A INPUT -p tcp --dport 3306 -j DROP
Block attempted loggins
Block any IP address who has made more than 3 ssh connections or attempted connections within the past 3 minutes. So your would-be brute force attacker, gets three tries, and then is locked out for a minimum of three minutes.
iptables -I INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource iptables -I INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 180 --hitcount 4 --name DEFAULT --rsource -j DROP
