Re: filtering ssh regardless of the port

Bazy <bazy@xxxxxxxxxxxxxxxxx> · Wed, 19 Sep 2007 10:50:56 +0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jason Pyeron wrote:
> Not going to happen for telnet
> 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> -                                                               -
> - Jason Pyeron                      PD Inc. http://www.pdinc.us -
> - Sr. Consultant                    10 West 24th Street #100    -
> - +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
> -                                                               -
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> 
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise private information. If you
> have received it in error, purge the message from your system and
> notify the sender immediately.  Any other use of the email by you
> is prohibited. 
> 
>  
> 
>> -----Original Message-----
>> From: centos-bounces@xxxxxxxxxx 
>> [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Bazy
>> Sent: Tuesday, September 18, 2007 16:23
>> To: CentOS mailing list
>> Subject:  filtering ssh regardless of the port
>>
> Hello gentlemen and lady's,
> 
> 
> I am trying to filter ssh traffic regardless of the port the 
> connection
> is opened on. I want to do the same for rlogin and telnet. I know it
> would be easier to use a proxy server and only allow users to 
> access the
> web... but it's more complicated... they also need other ports open...
> and they use public IP addresses.
> 
> Is there any way that I can do it with iptables without 
> having to patch
> the kernel and iptables with l7-filter.sourceforge.net?
> 
> Thank you for your time.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
>>

> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos

And yes... I will use layer 7 filtering.
http://l7-filter.sourceforge.net/protocols

Patch my kernel, my iptables, and "iptables -A INPUT -m layer7 --l7proto
ssh -j DROP" ;)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG8NTg7nEMcIvWOSIRAqJwAKCNPWCOShzNVcnZrDisbVodr5xjLQCfY9Xf
Tl8whtvWUJ84sKunnYLVf3A=
=kmYe
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos