[Firehol-support] block all unused ports

ibk ibk at cyberverse.com
Fri Feb 25 22:14:14 GMT 2005


I am using firehol 1.214-4 (Debian/Sarge, with packaged kernel
2.4.27-2-k7 for basic services on a self-managed server at an ISP)

The system is for basic mail, web and some off site storage. 

/etc/firehol.conf

server_althttp_ports="tcp/8080"
client_althttp_ports="default"

blacklist full "66.139.72.0 69.167.37.0 211.48.0.0"

interface eth0 internet
 protection strong
 server "icmp imap imaps ntp sbadm smtps ssh smtp dns http https pop3 althttp rsync webmin" accept

 client all accept

/etc/firehol/services/firehol_extra.conf

server_sbadm_ports="tcp/225"
client_sbadm_ports="default 225"

(the last here is an extra ssh service for emergency admin access)

We continually get hit by hundreds of "requests" of the sort
"sshd[21029]: Illegal user admin from 211.142.64.2
sshd[21029]: Failed password for illegal user admin from 211.142.64.2
port 48594 ssh2"

from a variety of sources. 

Should we and if so, could we easily block these higher unused ports? 

We have been looking at ways to ease the firewall scripts etc. and so
far, after trying all the others in Sarge, firehol wins hands down - it is
really amazing.

Thanks for any advice or observations. 

Also, is there any book that we can buy/read that covers firehol and how
it works etc. with iptables, so as to get more understanding?

thanks, 

ibk
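Two points a practitioner would check before blocking "higher unused ports": in an sshd line of the form "Failed password for illegal user admin from 211.142.64.2 port 48594 ssh2", the port number is the remote client's ephemeral source port, not a port open on the server (the connection itself lands on sshd, here port 22 and the extra one on 225); and FireHOL's interface policy drops anything that no server/client line accepts, so ports not listed are already closed. What the log does give you is a list of attacking source addresses, which is exactly what the "blacklist full" line in the posted firehol.conf consumes. The script below is an added example, not code from the original post or from the FireHOL project: it tallies failed sshd logins per source address from auth.log-style lines and emits a "blacklist full" line for any address over a threshold. The log lines are constructed for the example (the 211.142.64.2 address is the one from the post, the others are documentation ranges); the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post or from FireHOL): count failed
# sshd logins per source address and turn the noisy ones into a firehol
# "blacklist full" line. Reads syslog/auth.log lines on stdin.

# Constructed sample log lines in Debian sarge sshd/syslog format.
# Only the "Failed password" lines are counted; the "Illegal user" lines
# precede them for the same attempt and would double-count.
SAMPLE_LOG='Feb 25 21:58:01 host sshd[21029]: Illegal user admin from 211.142.64.2
Feb 25 21:58:03 host sshd[21029]: Failed password for illegal user admin from 211.142.64.2 port 48594 ssh2
Feb 25 21:58:09 host sshd[21031]: Illegal user test from 211.142.64.2
Feb 25 21:58:11 host sshd[21031]: Failed password for illegal user test from 211.142.64.2 port 48602 ssh2
Feb 25 22:01:40 host sshd[21044]: Failed password for illegal user guest from 192.0.2.77 port 3301 ssh2
Feb 25 22:03:12 host sshd[21050]: Accepted publickey for ibk from 198.51.100.9 port 51020 ssh2
Feb 25 22:04:55 host sshd[21052]: Failed password for root from 203.0.113.5 port 60111 ssh2'

# failed_by_source: stdin = log lines, stdout = "count ip" per source
# address that produced at least one "Failed password", most frequent
# first (ties broken by address so the output is deterministic).
# The address is the word after "from"; the "port N" that follows it is
# the client's source port and is deliberately ignored.
failed_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "from") { n[$(i + 1)]++; break }
            }
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# firehol_blacklist_line THRESHOLD: stdin = log lines, stdout = one
# firehol.conf line of the form  blacklist full "ip ip ..."  listing every
# source with THRESHOLD or more failures, or nothing if none qualify.
firehol_blacklist_line() {
    threshold="$1"
    ips=$(failed_by_source | awk -v t="$threshold" '$1 >= t { print $2 }' | tr '\n' ' ')
    ips=${ips% }
    if [ -n "$ips" ]; then
        printf 'blacklist full "%s"\n' "$ips"
    fi
}

# Stand-alone run over the constructed sample; pipe a real auth.log in
# instead, e.g.  failed_by_source < /var/log/auth.log
printf '%s\n' "$SAMPLE_LOG" | failed_by_source
printf '%s\n' "$SAMPLE_LOG" | firehol_blacklist_line 2
```

Adding addresses to firehol.conf by hand like this is reactive, and the list only takes effect on the next firehol restart; if the aim is to react automatically, a log-watching daemon such as fail2ban (which does the same tally and inserts iptables rules itself) is the usual answer. A per-address blacklist also does nothing against the next source, so the cheaper fix for the log noise is on sshd's side (key-only authentication, PermitRootLogin no).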