[TriLUG] Host Blocking

Steve Kuekes steve at kuekes.homeip.net
Wed Jan 5 23:22:50 EST 2005


Greg Cox wrote:
> 
> But you're officially allowed to put a 'Power of Pride' bumper sticker on
> the box if you iptable this up.
> 

Here are some lines from my /etc/sysconfig/iptables that block these
ranges of IPs from my ssh port (since I will never need to access my
machine from those parts of the world).

-A INPUT -p tcp -m tcp --dport 22 --syn -s 210.0.0.0/8 -j REJECT
-A INPUT -p tcp -m tcp --dport 22 --syn -s 221.0.0.0/8 -j REJECT
-A INPUT -p tcp -m tcp --dport 22 --syn -s 211.0.0.0/8 -j REJECT
-A INPUT -p tcp -m tcp --dport 22 --syn -s 81.0.0.0/8 -j REJECT
-A INPUT -p tcp -m tcp --dport 22 --syn -s 218.0.0.0/8 -j REJECT
-A INPUT -p tcp -m tcp --dport 22 --syn -s 61.0.0.0/8 -j REJECT
-A INPUT -p tcp -m tcp --dport 22 --syn -s 217.0.0.0/8 -j REJECT
-A INPUT -p tcp -m tcp --dport 22 --syn -s 202.0.0.0/8 -j REJECT
-A INPUT -p tcp -m tcp --dport 22 --syn -s 203.0.0.0/8 -j REJECT
-A INPUT -p tcp -m tcp --dport 22 --syn -s 200.0.0.0/8 -j REJECT
-A INPUT -p tcp -m tcp --dport 22 --syn -s 212.0.0.0/8 -j REJECT
-A INPUT -p tcp -m tcp --dport 22 --syn -s 80.0.0.0/8 -j REJECT
-A INPUT -p tcp -m tcp --dport 22 --syn -s 222.0.0.0/8 -j REJECT
-A INPUT -p tcp -m tcp --dport 22 --syn -s 163.29.0.0/16 -j REJECT

My list keeps growing as I track the ssh dictionary attempts for the
user root.
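
One way to automate the tracking described above, as an added example that is not part of the original post: a Python script that counts failed root password attempts in sshd log lines and emits REJECT rules in the same format as the list above. The OpenSSH log line format, the /24 grouping, the threshold of 3, the allow list and all function names are assumptions; the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd lines (RFC 5737 documentation addresses), not real logs.
SAMPLE_LOG = """\
Jan  5 22:01:10 host sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan  5 22:01:13 host sshd[4103]: Failed password for root from 203.0.113.7 port 40115 ssh2
Jan  5 22:01:15 host sshd[4105]: Failed password for root from 203.0.113.99 port 51000 ssh2
Jan  5 22:02:40 host sshd[4110]: Failed password for invalid user admin from 198.51.100.20 port 3302 ssh2
Jan  5 22:03:02 host sshd[4112]: Failed password for root from 198.51.100.20 port 3310 ssh2
Jan  5 22:05:00 host sshd[4120]: Accepted publickey for steve from 192.0.2.10 port 50022 ssh2
"""

# Matches only failures for the real root account; "invalid user ..." lines do not match.
FAILED_ROOT = re.compile(
    r"sshd\[\d+\]: Failed password for root from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")

def failed_root_sources(log_text):
    """Count failed root password attempts per source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_ROOT.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.IPv4Address(m.group(1))] += 1
        except ipaddress.AddressValueError:
            pass  # e.g. 999.1.1.1: matched the pattern but is not an address
    return counts

def reject_rules(counts, prefix_len=24, threshold=3, allow=()):
    """Group sources by prefix and emit REJECT rules in the post's format."""
    allow_nets = [ipaddress.ip_network(a) for a in allow]
    per_net = Counter()
    for addr, n in counts.items():
        per_net[ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)] += n
    rules = []
    for net, n in sorted(per_net.items()):
        # Skip quiet networks and anything overlapping a range you log in from.
        if n < threshold or any(net.overlaps(a) for a in allow_nets):
            continue
        rules.append(f"-A INPUT -p tcp -m tcp --dport 22 --syn -s {net} -j REJECT")
    return rules

if __name__ == "__main__":
    print("\n".join(reject_rules(failed_root_sources(SAMPLE_LOG))))
```

Passing prefix_len=8 reproduces the coarse /8 blocks used in the list above; the allow argument keeps a range you connect from out of the generated rules.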



