Re: How to block particular port based on src IP ?


On 13 April 2010 07:51, J. Bakshi <joydeep@xxxxxxxxxxxxxxx> wrote:


> I am trying to make an arrangement that, rather than blocking the IP, only
> the access to the ssh port will be blocked from that IP. So the other
> services, i.e. imap, apache, will still be accessible from the IP,
> excluding ssh. Is it possible?


Yes. All you need do is change your drop rule to the following:

iptables -A INPUT -p tcp --dport ssh -m mark --mark 0x1 \
    -m recent --set --name sshoverflow --rsource -j DROP

The way the rule works is effectively a logical AND, so it says: if the
destination is the ssh port and the IP address is in the recent list,
then drop the packet. This way only ssh is denied to the bad guy
rather than everything... it might be better to use, for instance:

iptables -A INPUT -p tcp -m multiport --dports ssh -m mark --mark 0x1 \
    -m recent --set --name sshoverflow --rsource -j DROP

You can then add other services prone to brute force attacks to the drop list...

(Taken me a while to reply as I've been preoccupied with work and
broken cheekbone thanks to some drunk chavs :()


-- 
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the
host finally dies.
http://www.pbase.com/arimus - My online photogallery
http://www.topcashback.co.uk/ref/rhorton
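The drop-only-ssh behaviour described in the reply, modelled in Python as an added example (not the poster's rules and not iptables itself): a source that reaches an assumed hit count within an assumed window, standing in for whatever sets mark 0x1 on the box in question, has only its packets to the protected ports dropped, while imap and http from the same source still pass.

```python
from collections import defaultdict, deque

PROTECTED_PORTS = {22}   # --dports ssh; add imap etc. to extend the block
WINDOW_SECONDS = 60      # assumed, like -m recent --seconds 60
HITCOUNT = 4             # assumed, like -m recent --hitcount 4


class RecentList:
    """Per-source hit timestamps, as xt_recent keeps them with --rsource."""

    def __init__(self, seconds, hitcount):
        self.seconds, self.hitcount = seconds, hitcount
        self.hits = defaultdict(deque)

    def update(self, src, now):
        """Record a hit; True once src has hitcount hits inside the window
        (this stands in for the unseen rule that sets mark 0x1)."""
        q = self.hits[src]
        q.append(now)
        while now - q[0] > self.seconds:
            q.popleft()
        return len(q) >= self.hitcount


def filter_packets(packets, ports=PROTECTED_PORTS,
                   seconds=WINDOW_SECONDS, hitcount=HITCOUNT):
    """Verdict per (ts, src, dport) packet: DROP only when the packet is to
    a protected port AND the source is in the recent list, the logical AND
    the reply describes; everything else from that source is ACCEPTed."""
    recent = RecentList(seconds, hitcount)
    verdicts = []
    for ts, src, dport in packets:
        flagged = dport in ports and recent.update(src, ts)
        verdicts.append((src, dport, "DROP" if flagged else "ACCEPT"))
    return verdicts


# Constructed sample: one source hammers ssh, then tries imap and http,
# then ssh again; a second source makes a single ssh connection.
SAMPLE = [(t, "198.51.100.7", 22) for t in range(5)] + [
    (6, "198.51.100.7", 143), (7, "198.51.100.7", 80),
    (8, "198.51.100.7", 22), (9, "203.0.113.9", 22)]

if __name__ == "__main__":
    for src, dport, verdict in filter_packets(SAMPLE):
        print(f"{src:>14} -> {dport:<4} {verdict}")
```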
