On Thu, Dec 28, 2006 at 09:00:40PM +0000, William Hamilton wrote:
>
> Anyone know if it's possible to craft some sort of iptables rule to ban
> incoming SSH attempts from say, China or Taiwan?
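Load these into a table:

http://www.okean.com/chinacidr.txt
http://www.okean.com/koreacidr.txt

Use pf instead of iptables and block scanners:

http://www.openbsd.org/faq/pf/

  # $EXT_IF and $FLAGS are macros defined elsewhere in pf.conf
  # Sources that exceed the connection rate below are added to this table
  table <scanners> persist

  # Allow ssh, but overload sources opening more than 5 connections in 60 seconds
  pass in log on $EXT_IF inet proto tcp from any port > 1023 \
      to $EXT_IF port ssh $FLAGS \
      (max-src-conn-rate 5/60, overload <scanners>)

  # Last matching rule wins, so overloaded sources are blocked from ssh
  block in log on $EXT_IF inet proto tcp from <scanners> \
      to $EXT_IF port ssh

Same for spam: feed the lists into spamd:

http://www.openbsd.org/spamd/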
--
Craig Skinner | http://www.kepax.co.uk | aye-right@xxx.xxx.xxx
----------------------------------------------------------------------
You can find the EdLUG mailing list FAQ list at:
http://www.edlug.org.uk/list_faq.html
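
The "load these into a table" step above, as an added example that is not part of the original post: a Python check that sanitises a downloaded CIDR list before it is handed to pf, so a malformed or over-broad entry cannot block your own access. The input layout (one CIDR per line, optional trailing text, `#` comments), the sample data, the table name `geoblock` and the file path in the comment are assumptions.

```python
import ipaddress

# Constructed sample input; documentation ranges, not real allocation data.
SAMPLE = """\
# constructed sample
192.0.2.0/25 Example
192.0.2.128/25 Example
198.51.100.0/24
203.0.113.7
0.0.0.0/0
not-a-cidr
10.1.2.3/8
"""

def build_table(text, min_prefix=8, keep=()):
    """Return (cidrs, rejected) for a pf table file.

    min_prefix rejects anything broader than /min_prefix (e.g. 0.0.0.0/0).
    keep lists addresses that must never be blocked (your own admin hosts).
    """
    keep_nets = [ipaddress.IPv4Network(k) for k in keep]
    nets, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        token = line.split()[0]          # ignore trailing country/owner text
        try:
            net = ipaddress.IPv4Network(token, strict=True)
        except ValueError as exc:        # bad syntax or host bits set
            rejected.append((lineno, token, str(exc)))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((lineno, token, "too broad"))
        elif any(net.overlaps(k) for k in keep_nets):
            rejected.append((lineno, token, "overlaps a protected address"))
        else:
            nets.append(net)
    # Merge adjacent and duplicate ranges to keep the table small.
    return [str(n) for n in ipaddress.collapse_addresses(nets)], rejected

if __name__ == "__main__":
    cidrs, rejected = build_table(SAMPLE, keep=("198.51.100.20/32",))
    print("\n".join(cidrs))              # write this to e.g. /etc/pf.geoblock
    for lineno, token, why in rejected:
        print(f"# rejected line {lineno}: {token} ({why})")
    # Load with: pfctl -t geoblock -T replace -f /etc/pf.geoblock
```

Review the rejected entries before loading; a list that suddenly produces many rejections has probably changed format or been truncated in transit.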