<html>
<head>
<style type="text/css">
<!--
body { margin-left: 4px; line-height: normal; margin-bottom: 1px; margin-top: 4px; margin-right: 4px; font-variant: normal }
-->
</style>
</head>
<body style="margin-left: 4px; margin-bottom: 1px; margin-top: 4px; margin-right: 4px">
<DIV> I use swatch - <i><u><a href="http://gentoo-wiki.com/HOWTO_Protect_SSHD_with_Swatch"><font color="#0000ff">http://gentoo-wiki.com/HOWTO_Protect_SSHD_with_Swatch</font></a></u></i>
</DIV>
<DIV>Instead of adding the rules to a dedicated swatch chain, I insert mine into the INPUT chain and I have my logs checked for invalid users. If an unknown username tries to access the server, a rule is auto-inserted to DROP all packets from that IP address and I get an email on it. If a valid username but an invalid password is tried, I get an email on it.
</DIV>
<DIV> </DIV>
<DIV>Brian
</DIV>
<DIV><br>&gt;&gt;&gt;kick &lt;kick@kick.no-ip.info&gt; 09/27/05 1:32 pm &gt;&gt;&gt;<br>does anyone know if I can block individual IPs easily?<br>am getting this in my logcheck<br><br>Security Events<br>=-=-=-=-=-=-=-=<br>Sep 27 02:42:22 irc-firewall-mail sshd[10855]: Illegal user admin from ::ffff:81.223.254.204<br>Sep 27 02:42:22 irc-firewall-mail sshd[10857]: Illegal user admin from ::ffff:81.223.254.204<br>thanx in advance :)<br><br>-------------------------------------------------------<br>Firehol-support mailing list<br>Firehol-support@lists.sourceforge.net<br>https://lists.sourceforge.net/lists/listinfo/firehol-support<br> </DIV>
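<DIV>An added example, not part of the messages above and not swatch's or FireHOL's own code: the log-to-DROP-rule step described in the reply, written as a Python sketch that only builds the iptables command lines and never runs them. The function names, the never_block parameter and every sample line after the first two are constructed for illustration. Because the user name in the log line is chosen by the remote client, the address is taken from the last "from" and validated before it is used.
</DIV>
<pre>
```python
import ipaddress
import re

# sshd line format from the quoted logcheck report. The user name is chosen
# by the remote client, so the greedy (.*) binds the match to the LAST
# " from ", which is the part sshd itself appends.
ILLEGAL_USER = re.compile(r"sshd\[\d+\]: Illegal user (.*) from (\S+)$")

# Lines 1-2 are from the report above; the rest are constructed samples.
SAMPLE = [
    "Sep 27 02:42:22 irc-firewall-mail sshd[10855]: Illegal user admin from ::ffff:81.223.254.204",
    "Sep 27 02:42:22 irc-firewall-mail sshd[10857]: Illegal user admin from ::ffff:81.223.254.204",
    "Sep 27 02:43:01 irc-firewall-mail sshd[10901]: Illegal user x from 192.0.2.7 from ::ffff:203.0.113.9",
    "Sep 27 02:44:10 irc-firewall-mail sshd[10950]: Illegal user test from ::ffff:198.51.100.20",
    "Sep 27 02:45:30 irc-firewall-mail sshd[10977]: Failed password for brian from ::ffff:198.51.100.21",
]

def source_ip(line):
    """Return the client address of an 'Illegal user' line, or None."""
    m = ILLEGAL_USER.search(line.rstrip("\n"))
    if m is None:
        return None  # e.g. valid user with a bad password: report, do not block
    try:
        addr = ipaddress.ip_address(m.group(2))
    except ValueError:
        return None  # not an address: never pass it on to iptables
    # sshd on a dual-stack socket logs IPv4 peers as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr

def drop_rules(lines, never_block=()):
    """Build one iptables argv per new offending IPv4 address."""
    keep = [ipaddress.ip_network(n) for n in never_block]
    seen, rules = set(), []
    for line in lines:
        addr = source_ip(line)
        if addr is None or addr.version != 4 or addr in seen:
            continue
        if any(addr in net for net in keep):
            continue  # e.g. the administrator's own network
        seen.add(addr)
        rules.append(["iptables", "-I", "INPUT", "-s", str(addr), "-j", "DROP"])
    return rules

if __name__ == "__main__":
    for argv in drop_rules(SAMPLE, never_block=["198.51.100.0/24"]):
        print(" ".join(argv))
```
</pre>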
</body>
</html>