On 4/28/05, Roger Grosswiler <roger@xxxxxxxx> wrote:
> >> Hi,
> >>
> >> Taking again the thread about the SSH brute force attacks, but with a
> >> question.
> >>
> >> We have a nice tool called system-config-securitylevel, why isn't it
> >> possible to indicate some IPs or ranges there and click to "stealth" so
> >> this port is just visible to the indicated IP addresses?
> >>
> >> Roger
> >>
> >
> > Because it's a simple gui tool designed to be simple.
> >
> You're right at this point, it's one more function to add, but adding this function would not mean
> crashing the usability of this tool, I think. It's just one more sensible option, one that keeps it
> EASY to make users' computers more secure, especially on servers.

You have to be able to parse things like: did you want to NOT allow 127.0.0.1 to connect? Did you mean 204.121.0.0/32 and not 204.121.0.0/16? It is not a trivial task to do right for the new person. Or the fact that you put the -A INPUT -s 0.0.0.0/0 -j ACCEPT before all your drops.

A tool that does this would be great, but I think its complexity would be more than can be packaged simply into the installer :(. Even putting this in an 'expert' section is more likely to shoot one in the foot. [I have had to clean up more systems because the person thought they had secured it and it was actually worse off.]

-- 
Stephen J Smoogen. CSIRT/Linux System Administrator