Web Hosting Talk

limit ssh by ip address


nightduke
08-30-2004, 01:31 PM
Does anyone know how I can limit SSH access to a Fedora Core machine by IP address, from a big range and from a few machines?

Thanks.

tuxguru
08-30-2004, 02:28 PM
Use iptables to allow access to port 22 only from the desired IP address(es).

freeflight2
08-30-2004, 03:19 PM
Originally posted by tuxguru
Use iptables to allow access to port 22 only from the desired IP address(es).
Agreed, that's the best/most effective way - there's also the following option for sshd:
from="pattern-list"
Specifies that in addition to public key authentication, the canonical name of the remote host must be present in the comma-separated list of patterns

==> man sshd

gaschamber
08-30-2004, 04:28 PM
Originally posted by nightduke
Does anyone know how I can limit SSH access to a Fedora Core machine by IP address, from a big range and from a few machines?

Thanks.

Put the following in your rc.local file. If you want to restrict it to one class C, change x.x.x.x/24 to 1.2.3.0/24 (instead of 1.2.3.0, please use the correct class C). For the single machines, duplicate that entry and only change the 1.2.3.0/24 to 1.2.3.4/32, where 1.2.3.4 is the whole IP instead of the class C.

# Allow SSH only from the chosen source range, then reject everyone else on port 22
iptables -A INPUT -i eth0 -p tcp -s x.x.x.x/24 --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j REJECT

shell-box
10-01-2004, 02:03 PM
# If you have constant abusers, block them permanently by CIDR thus ("rej" is a user-defined chain; it is assumed to be created first, as below):
iptables -N rej
iptables -A rej -j REJECT
#iptables -A INPUT -s 192.168.1.0/24 -j rej

#
# For particularly abusive servers or brain-dead software that keeps trying
# even with rej, try this instead:
#iptables -A INPUT -s 192.168.1.0/24 -j DROP

shell-box
10-01-2004, 02:08 PM
Above were attackers on my servers! What I am wanting to do is block the attacker or any SSH user after three attempts. If anyone knows how to do this, I would not mind the help!
Thank you

sprintserve
10-01-2004, 04:13 PM
http://www.rfxnetworks.com/bfd.php
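As an added example (not posted by anyone in this thread and not BFD's own code), here is a small POSIX shell script that does the core of what shell-box asked for: it counts "Failed password" lines per source address in an auth.log-style file and prints an iptables REJECT rule for every address that reached the threshold (three by default). The log lines are constructed samples; the script only prints rules and never runs iptables itself.

```shell
#!/bin/sh
# Added example: derive SSH block rules from failed-login counts.
# Input is a syslog-format file as written by sshd; output is one
# "iptables ... -j REJECT" line per offending source address.

# Constructed sample log (documentation-range addresses, not real hosts).
SAMPLE_LOG="Oct  1 13:55:01 host sshd[2031]: Failed password for root from 203.0.113.7 port 4120 ssh2
Oct  1 13:55:03 host sshd[2031]: Failed password for root from 203.0.113.7 port 4121 ssh2
Oct  1 13:55:06 host sshd[2034]: Failed password for invalid user admin from 203.0.113.7 port 4122 ssh2
Oct  1 13:56:10 host sshd[2040]: Failed password for bob from 198.51.100.22 port 3399 ssh2
Oct  1 13:56:40 host sshd[2041]: Accepted publickey for bob from 198.51.100.22 port 3400 ssh2
Oct  1 13:57:02 host sshd[2050]: Failed password for invalid user test from 192.0.2.9 port 5000 ssh2
Oct  1 13:57:05 host sshd[2050]: Failed password for invalid user test from 192.0.2.9 port 5001 ssh2
Oct  1 13:57:09 host sshd[2050]: Failed password for invalid user test from 192.0.2.9 port 5002 ssh2
Oct  1 13:57:12 host sshd[2050]: Failed password for invalid user test from 192.0.2.9 port 5003 ssh2"

# failed_by_ip LOGFILE -> "count ip" lines, one per source address that
# had at least one failed password attempt (successful logins are ignored).
failed_by_ip() {
    grep 'sshd\[[0-9]*]: Failed password' "$1" \
        | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
        | sort | uniq -c | awk '{print $1, $2}'
}

# block_rules LOGFILE [THRESHOLD] -> one REJECT rule per address with at
# least THRESHOLD failures (default 3). Rules are inserted (-I) at the top of
# INPUT so they take effect before any later ACCEPT rule for port 22.
block_rules() {
    threshold="${2:-3}"
    failed_by_ip "$1" | awk -v t="$threshold" '$1 >= t { print $2 }' | sort \
        | while read -r ip; do
            printf 'iptables -I INPUT -s %s -p tcp --dport 22 -j REJECT\n' "$ip"
          done
}

# Stand-alone run: write the sample log to a temp file and print the rules.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_LOG" > "$tmp"
block_rules "$tmp" 3
rm -f "$tmp"
```

Exempt your own management addresses before piping the output into a shell, otherwise three mistyped passwords from your workstation lock you out as well.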