Re: [suse-security] Deny IP address's

From: Simon Hoerder (newshoerder.net)
Date: Tue Jul 29 2003 - 15:05:40 CDT


Nigel Gaylard wrote:

>Hi All
>
>I would like to create a list of IP addresses that should be denied all
>access to my server. I have currently 2 or 3 people making a deliberate
>effort to hack into my SSH port, and so I would like to deny them access to
>it at firewall level, as well as all other ports. I can't seem to find
>information in the Suse documentation on firewall2.
>
>Many thanks
>
>Nigel Gaylard
>
Hi,

you seem to need a fast solution: The best thing I know is to create a
special rule for iptables (on older systems it's ipchains). In a
standard iptables configuration you have three chains called INPUT,
FORWARD and OUTPUT. Packets that are forwarded to other PCs (no matter
whether in the local network or in the Internet) are filtered according
to the rules of the FORWARD chain. Packets whose destination is the
router/FW are filtered by the INPUT chain, and packets that are sent by
the router/FW are filtered by the OUTPUT chain. You can get an overview
of the iptables rules currently in use with the 'iptables -L' command. This
way, you can protect your complete LAN, not only your server. Big
problem: all programs (like FWs, scripts, etc.) that may/can change
rules in iptables can - and probably will - flush your self-created rule.

We use this technique to disable all internet access for users (inside
our LAN) who didn't pay bills etc. It works fine on our server, which is
running on a mixture of SuSE 7.x and several upgrades for special
programs. But I haven't tested it on other systems using other FW's, etc.

Good Luck,
Simon

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here
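A script in the spirit of the approach described in the reply above, added here as an example and not code from the post or from SuSE: it turns a list of addresses into the iptables commands that fill a dedicated chain and hook it into INPUT (traffic for the server itself) and FORWARD (traffic for the LAN behind it), so the whole set can be rebuilt from a boot script after another program has flushed the rules. The chain name BLOCKLIST and the one-address-per-line list format are assumptions.

```shell
#!/bin/sh
# Constructed example: turn a list of IPv4 addresses into the iptables
# commands that keep them in a dedicated chain hooked into INPUT (packets
# for the router/FW itself) and FORWARD (packets for the LAN behind it).
# Chain name and list format are assumptions, not from the original post.

CHAIN="${CHAIN:-BLOCKLIST}"

# is_ipv4 ADDR: succeed only for a dotted quad whose four octets are 0-255.
is_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_commands: read addresses from stdin (one per line, '#' starts a
# comment) and print the commands that rebuild the chain from scratch.
# Re-running the printed commands restores the rules after a firewall
# script has flushed them.
block_commands() {
    # Create the chain, or empty it if it already exists.
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    while IFS= read -r line; do
        addr=$(printf '%s' "${line%%#*}" | tr -d ' \t')
        [ -n "$addr" ] || continue
        if is_ipv4 "$addr"; then
            echo "iptables -A $CHAIN -s $addr -j DROP"
        else
            echo "skipping invalid address: $addr" >&2
        fi
    done
    # Put the chain in front of everything else in INPUT and FORWARD;
    # delete any old jump first so repeated runs do not stack duplicates.
    for parent in INPUT FORWARD; do
        echo "iptables -D $parent -j $CHAIN 2>/dev/null"
        echo "iptables -I $parent 1 -j $CHAIN"
    done
}

# Usage: BLOCKLIST_FILE=/etc/blocked.txt sh blocklist.sh | sh
if [ -n "${BLOCKLIST_FILE:-}" ]; then
    block_commands < "$BLOCKLIST_FILE"
fi
```

Review the printed commands before piping them into a root shell; 'iptables -L BLOCKLIST' afterwards shows what the chain actually holds.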