Blocking using iptables is easily the most efficient if you're dealing
with a DDOS situation. It blocks at the kernel, so the opening packet
is never accepted and sshd is never called. Any other solution is
likely to require an open connection and a process to deal with things.
I actually can't find a way to get sshd to only allow certain hosts
by IP address. AllowHosts used to work, but seems to be missing from
the most recent sshd_config format.

Kev wrote:
I did both: I blocked IPs with iptables and I also configured the SSH daemon
to only allow connections from given IPs.
My server was down like 2-3 times a week due to a DDOS attack or someone
running an attack on my SSH; now the server seems to be running fine.
Oh yeah, and I also blocked all ICMP communication and only allowed it from
my IP :)
--
Stephen Samuel +1(604)876-0426 samuel@xxxxxxxxxxx
http://www.bcgreen.com/~samuel/
Powerful committed communication. Transformation touching
the jewel within each person and bringing it to light.
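
What the kernel-level approach described in this message could look like, as an added example that is not part of the original post: a shell function that validates an allowlist and prints the iptables commands restricting new SSH connections to it. The chain name SSH_ALLOW, port 22 and the sample addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables commands that accept new
# SSH connections only from an allowlist and drop all others in the kernel.
# Assumes no earlier INPUT rule already accepts port 22.

# is_ipv4_cidr ADDR: succeed only for a dotted quad with an optional /0-32.
is_ipv4_cidr() {
    case $1 in ''|*[!0-9./]*|*/*/*|*.|*./*) return 1 ;; esac
    addr=${1%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets on "."
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ssh_allowlist_rules ADDR...: print the commands, or fail without printing
# anything if the list is empty or any entry is malformed, so a typo cannot
# end up inside a firewall command or lock every admin out.
ssh_allowlist_rules() {
    [ $# -gt 0 ] || { echo "no allowed addresses given" >&2; return 1; }
    for src in "$@"; do
        is_ipv4_cidr "$src" || { echo "bad address: $src" >&2; return 1; }
    done
    echo 'iptables -N SSH_ALLOW'
    # Keep sessions that are already open working while rules are loaded.
    echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Only the opening packet of an SSH connection is sent to the allowlist.
    echo 'iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH_ALLOW'
    for src in "$@"; do
        echo "iptables -A SSH_ALLOW -s $src -j ACCEPT"
    done
    # Everything else is dropped before sshd ever sees it.
    echo 'iptables -A SSH_ALLOW -j DROP'
}

# Constructed sample allowlist; review the output before running it as root.
ssh_allowlist_rules 203.0.113.10 198.51.100.0/24
```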