<div dir="ltr"><div>Hi Folks,</div>
<div> </div>
<div>Yet another question... my mind is actually shared between fail2ban and sshblack to perform the blacklisting work.</div>
<div>My server is basically a web server, so I may also face non-SSH attacks.</div>
<div> </div>
<div>Any advice?</div>
<div> </div>
<div>Best Regards,</div>
<div>Shiryu<br><br></div>
<div class="gmail_quote">
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div dir="ltr">
<div><br> </div>
<div>
<div></div>
<div>
<div class="gmail_quote">2008/8/20 Martin Minka <span dir="ltr"><<a href="mailto:martin.minka@gmail.com" target="_blank">martin.minka@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">It is up to you how you change $ADDRULE and $DELRULE in sshblack.pl.<br><br>Be aware that you need to restart firehol after you change your blacklist file,<br>
<br>or combine my approach and yours and change in sshblack.pl:<br><br>my($ADDRULE) = 'echo "ipaddress" >> /etc/firehol/blacklist; /sbin/iptables -I BLACKLIST -s ipaddress -j DROP';<br>my($DELRULE) = ''; # IP will be blocked until you delete it manually<br>
<br>Don't forget to add at the beginning of your /etc/firehol/firehol.conf:
<div><br><br>iptables -N BLACKLIST<br>iptables -A INPUT -p tcp -m tcp --dport 22 --syn -j BLACKLIST<br><br><br><br></div>shi ryu wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div>Thanks Martin,<br> I'm actually not very familiar with iptables and I am already using the blacklist feature of firehol.<br> Here is what I have currently in my firehol.conf:<br> - blacklist these `cat /etc/firehol/blacklist`<br>
and then the plain text file /etc/firehol/blacklist where I manually add the IPs to be blacklisted.<br> Is there a way that I can have sshblack add its IP addresses to the same file (/etc/firehol/blacklist) I am using now?<br>
Rgds,<br> <br><br></div> 2008/8/20 Martin Minka <<a href="mailto:martin.minka@gmail.com" target="_blank">martin.minka@gmail.com</a>>
<div><br><br> I am using this in my firehol.conf:<br><br> # add support for sshblack.sh<br> iptables -N BLACKLIST<br> iptables -A INPUT -p tcp -m tcp --dport 22 --syn -j BLACKLIST<br><br> On Wed, Aug 20, 2008 at 9:14 AM, shi ryu <<a href="mailto:shiryu38@gmail.com" target="_blank">shiryu38@gmail.com</a>> wrote:<br>
</div>
<div><br> Hi there,<br><br> has anyone ever tried to use SSHBlack<br> (<a href="http://www.pettingers.org/code/sshblack.html" target="_blank">http://www.pettingers.org/code/sshblack.html</a>) in a firehol<br>
context ?<br> That tool looks awesome to automatically block SSH brute forces<br> and it uses IPtables to perform its job.<br><br> Best Regards,<br><br> Shiryu.<br><br>
_______________________________________________<br> Firehol-support mailing list<br> <a href="mailto:Firehol-support@lists.sourceforge.net" target="_blank">Firehol-support@lists.sourceforge.net</a><br></div>
<div><br> <a href="https://lists.sourceforge.net/lists/listinfo/firehol-support" target="_blank">https://lists.sourceforge.net/lists/listinfo/firehol-support</a><br><br><br><br></div></blockquote></blockquote></div>
<br></div></div></div></blockquote></div><br></div>
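<div>As an added example (not code from the thread or from the sshblack or FireHOL projects), here is a small helper script that $ADDRULE could call in place of the inline echo and iptables commands Martin shows; it validates the address, skips entries already in /etc/firehol/blacklist and avoids stacking duplicate rules. The function names and return codes are assumptions of this example.</div>

```shell
#!/bin/sh
# Added example (not from the thread): hypothetical helper for $ADDRULE to call.
BLACKLIST_FILE="${BLACKLIST_FILE:-/etc/firehol/blacklist}"  # file from the thread
IPTABLES="${IPTABLES:-/sbin/iptables}"                      # path from the thread
CHAIN="${CHAIN:-BLACKLIST}"                                 # chain from the thread

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    rest="$1." count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        count=$((count + 1))
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$count" -eq 4 ]
}

# Record the address once and make sure exactly one DROP rule exists for it.
# Returns 0 = newly listed, 1 = already listed, 2 = rejected, 3 = iptables failed.
blacklist_add() {
    ip=$1
    if ! is_ipv4 "$ip"; then
        echo "blacklist_add: refusing malformed address" >&2
        return 2
    fi
    # -x whole line, -F literal string: 10.0.0.1 must not match 10.0.0.10
    if [ -f "$BLACKLIST_FILE" ] && grep -qxF -- "$ip" "$BLACKLIST_FILE"; then
        return 1
    fi
    printf '%s\n' "$ip" >> "$BLACKLIST_FILE"
    # -C tests for an identical rule so repeated triggers do not stack copies.
    "$IPTABLES" -C "$CHAIN" -s "$ip" -j DROP 2>/dev/null ||
        "$IPTABLES" -I "$CHAIN" -s "$ip" -j DROP || return 3
    return 0
}

# Run as a script: block the address given as the first argument.
if [ "$#" -ge 1 ]; then
    blacklist_add "$1"
fi
```

<div>With the script saved at a path of your choosing, $ADDRULE would invoke it with the same ipaddress placeholder used in the thread.</div>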