
Re: [edlug] Access Lists



On Thu, Dec 28, 2006 at 09:00:40PM +0000, William Hamilton wrote:
> 
> Anyone know if it's possible to craft some sort of iptables rule to ban 
> incoming SSH attempts from say, China or Taiwan?

Load these into a table:

http://www.okean.com/chinacidr.txt
http://www.okean.com/koreacidr.txt

Use pf instead of iptables and block scanners:
http://www.openbsd.org/faq/pf/

# Table of sources that have tripped the rate limit; "persist" keeps the
# table around even while no rule refers to it.
table <scanners> persist

# Allow SSH, but track new connections per source address: more than
# 5 within 60 seconds puts that source into <scanners>. pfctl only
# accepts the parenthesised state options after "keep state".
pass in log on $EXT_IF inet proto tcp from any port > 1023 \
        to $EXT_IF port ssh $FLAGS \
        keep state (max-src-conn-rate 5/60, overload <scanners>)

# In pf the last matching rule wins, so this block (listed after the
# pass rule) takes effect for any source in <scanners>.
block in log on $EXT_IF inet proto tcp from <scanners> \
        to $EXT_IF port ssh
Same for spam: feed the lists into spamd:
http://www.openbsd.org/spamd/
-- 
Craig Skinner | http://www.kepax.co.uk | aye-right@xxx.xxx.xxx
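As an added example (not code from the original post, nor from the pf or OpenBSD projects), the following Python tool turns a one-CIDR-per-line list such as the okean.com files into either a pf table file or an `ipset restore` script for the iptables side of the question, and lets you check a single address against the resulting list. The sample list, the set name `blocked` and the file paths are constructed assumptions; the okean URLs are not fetched, and loading the output into a live firewall is left to your own pfctl or ipset invocation.

```python
"""Build firewall block lists from a country CIDR file.

Added example, not part of the original mailing-list post. It assumes the
input has one IPv4 network per line in CIDR notation (the format of the
okean.com lists); the sample data below is constructed, not real allocations.
"""
import ipaddress
from typing import List, Tuple

# Constructed sample in the one-CIDR-per-line format (RFC 5737 test ranges).
SAMPLE_CIDR_FILE = """\
# constructed sample block list
203.0.113.0/24
198.51.100.0/25
198.51.100.128/25
192.0.2.0/24
not-a-network
"""


def parse_cidr_list(text: str) -> Tuple[List[ipaddress.IPv4Network], List[str]]:
    """Parse a CIDR list, skipping comments and blanks.

    Returns (networks, rejected_lines). Adjacent or overlapping networks are
    collapsed so the table the firewall has to search stays as small as
    possible; malformed lines are reported instead of silently dropped, since
    a truncated download should not go unnoticed.
    """
    nets: List[ipaddress.IPv4Network] = []
    rejected: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.IPv4Network(line, strict=False))
        except ValueError:
            rejected.append(line)
    return list(ipaddress.collapse_addresses(nets)), rejected


def pf_table_lines(nets: List[ipaddress.IPv4Network]) -> str:
    """Render the networks as a pf table file (one CIDR per line).

    Such a file is referenced from pf.conf as, for example (assumed path):
        table <blocked> persist file "/etc/pf/blocked.txt"
    """
    return "\n".join(str(n) for n in nets) + "\n"


def ipset_restore_lines(nets: List[ipaddress.IPv4Network],
                        setname: str = "blocked") -> str:
    """Render an `ipset restore` script for use with iptables.

    The matching iptables rule (assumed, not run here) would be:
        iptables -I INPUT -p tcp --dport 22 -m set --match-set blocked src -j DROP
    "-exist" makes re-running the restore idempotent.
    """
    lines = [f"create {setname} hash:net -exist"]
    lines += [f"add {setname} {n} -exist" for n in nets]
    return "\n".join(lines) + "\n"


def is_blocked(addr: str, nets: List[ipaddress.IPv4Network]) -> bool:
    """Check whether a single address falls inside any listed network."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in n for n in nets)


if __name__ == "__main__":
    networks, bad = parse_cidr_list(SAMPLE_CIDR_FILE)
    print("collapsed networks:", [str(n) for n in networks])
    print("rejected lines:", bad)
    print(pf_table_lines(networks))
    print(ipset_restore_lines(networks))
    print("198.51.100.200 blocked:", is_blocked("198.51.100.200", networks))
```

Loading the pf output is a single `pfctl -t blocked -T replace -f blocked.txt`, and the ipset output goes through `ipset restore < blocked.ipset`. Country lists are coarse and drift as allocations change, so they need periodic refreshes; the rate-limit overload table in Craig's pf rules catches scanners regardless of where they come from, and the two approaches complement each other.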
----------------------------------------------------------------------
You can find the EdLUG mailing list FAQ list at:
http://www.edlug.org.uk/list_faq.html