On Mon, Jun 06, 2005 at 09:51:25AM -0400, Ryan Golhar wrote: > My machines keep getting attacked through ssh nightly. I want to > prevent users from connecting to SSH unless they are coming in through a > specific ISP. Is there a way I can filter a range of IPs based on > provider in iptables? The easiest way to do this is through tcpwrappers, not iptables. For example, see the following to allow only a specific set of addresses. In my case, I allow connections only from my home submit and my work domain. Everybody else gets rejected. I've done some minor editing since this is an older version of the file but it should still be mostly valid. In particular, pay attention to the hosts.deny which by default denies everything from everybody. If you put this in place, be aware! You can change the entry in hosts.deny to just sshd though. Also note that tcpwrappers doesn't work for everything - just tcpwrappers-enabled services. For example, it won't do anything for httpd. # # hosts.allow This file describes the names of the hosts which are # allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # sshd: LOCAL, .ewilts.home, 192.168.0.0/255.255.255.0, .merrillcorp.com ALL: LOCAL, .ewilts.home, 192.168.0.0/255.255.255.0, 127.0.0.1, .merrillcorp.com, 150.228.40.0/255.255.255.0 sendmail: ALL # # hosts.deny This file describes the names of the hosts which are # *not* allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # # The portmap line is redundant, but it is left to remind you that # the new secure portmap uses hosts.deny and hosts.allow. In particular # you should know that NFS uses portmap! ALL: ALL: spawn echo tcpwrap has detected an unauthorised connection attempt\ from %h %a to %d at `date`|tee -a /var/log/secure|mail -s 'Unauthorized \ Connection attempt' root -- Ed Wilts, RHCE Mounds View, MN, USA mailto:ewilts@xxxxxxxxxx Member #1, Red Hat Community Ambassador Program -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
