
Re: [suse-security] Deny IP address's



Hi Nigel,

> I would like to create a list of IP addresses that should be denied all
> access to my server. I have currently 2 or 3 people making a deliberate
> effort to hack into my SSH port, and so I would like to deny them access to
> it at firewall level, as well as all other ports. I can't seem to find
> information in the Suse documentation on firewall2.
>
--> Usually, one does it the other way around: deny access for
everybody and then allow selectively only those IPs that are allowed
to connect. This has the advantage of securing your server even if the
bad guys change IPs or other people try to attack you.

You should leave FW_SERVICES_EXT_TCP empty and put the allowed SSH
IPs/Nets into FW_TRUSTED_NETS.

Unfortunately, I'm not a god at IPTABLES, so I can't tell you which rules
you have to add to reject single IPs. But they would have to go into
/etc/sysconfig/scripts/SuSEfirewall2-custom.
Probably in "fw_custom_before_antispoofing()" add something like
(untested):

    iptables -I INPUT -j DROP -s IP_to_block

HTH,
Armin

-- 
Am Hasenberg 26         office: Institut für Atmosphärenphysik
D-18209 Bad Doberan             Schloss-Straße 6
Tel. ++49-(0)38203/42137        D-18225 Kühlungsborn / GERMANY
Email: schoech@xxxxxxxxxxxx     Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/     Fax. +49-(0)38293-68-50
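The drop-list hook the reply sketches, worked out as an added example (not Armin's code and not part of SuSEfirewall2 itself). It assumes SuSEfirewall2 calls fw_custom_before_antispoofing() from SuSEfirewall2-custom, and the blocklist path /etc/sysconfig/scripts/blocked-ips is my own naming; entries are validated before they reach iptables, so a malformed line is skipped instead of breaking rule loading. FW_TRUSTED_NETS remains the primary control, as the reply says; this only adds an explicit deny list on top.

```shell
# Added example, not from Armin's reply: a hook for
# /etc/sysconfig/scripts/SuSEfirewall2-custom that drops traffic from a
# list of addresses. Assumptions (mine): SuSEfirewall2 calls
# fw_custom_before_antispoofing() while it builds its rules, and the
# list lives in /etc/sysconfig/scripts/blocked-ips, one IPv4 address or
# CIDR block per line, '#' starting a comment.
: "${IPTABLES:=iptables}"      # set IPTABLES=echo for a dry run
: "${BLOCKLIST:=/etc/sysconfig/scripts/blocked-ips}"

# is_ipv4_cidr ADDR: succeed only for a dotted quad with octets 0-255 and
# an optional /0-32 prefix, so only a plain address ever reaches iptables.
is_ipv4_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# apply_drop_rules FILE: insert one DROP rule at the top of INPUT per valid
# entry, skip blank and comment lines, report malformed entries on stderr
# instead of aborting, and print the number of rules installed.
apply_drop_rules() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                          # strip trailing comment
        line=$(printf '%s' "$line" | tr -d ' \t')  # and all whitespace
        [ -z "$line" ] && continue
        if is_ipv4_cidr "$line"; then
            "$IPTABLES" -I INPUT -s "$line" -j DROP && n=$((n + 1))
        else
            echo "blocked-ips: skipping malformed entry '$line'" >&2
        fi
    done < "$1"
    echo "$n"
}

# The hook SuSEfirewall2 calls; the rules come back on every restart
# because the firewall rebuilds its chains and re-runs this function.
fw_custom_before_antispoofing() {
    [ -r "$BLOCKLIST" ] || return 0
    apply_drop_rules "$BLOCKLIST" >/dev/null
    true
}
```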
