First of all change the port of your SSH server, perhaps give it a large number such as 37854 (juas an example). Just doing this, will reduce your ssh attacks for 99% ;-) Next, you want to do change following files, to match: /etc/hosts.deny ALL:ALL ...and: /etc/hosts.allow sshd: IP_of_your_SSH_server Next, for IP tables do: iptables -P INPUT DROP iptables -A INPUT -s IP_of_your_SSH_server --dport your_new_ssh_port -j ACCEPT This should be bulletproof (in theory), but only changing the ssh port, will reduce your ssh attacks for 99%, you'll see :) Anze -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Ryan Golhar Sent: Monday, June 06, 2005 3:51 PM To: 'General Red Hat Linux discussion list' Subject: Filtering IP addresses by domain name My machines keep getting attacked through ssh nightly. I want to prevent users from connecting to SSH unless they are coming in through a specific ISP. Is there a way I can filter a range of IPs based on provider in iptables? -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
