[Firehol-support] block all unused ports
ibk at cyberverse.com
Fri Feb 25 22:14:14 GMT 2005
I am using firehol 1.214-4 (Debian/Sarge, with packaged kernel
2.4.27-2-k7 for basic services on a self-manged server at an ISP)
The system is for basic mail, web and some off site storage.
blacklist full "188.8.131.52 184.108.40.206 220.127.116.11"
interface eth0 internet
server "icmp imap imaps ntp sbadm smtps ssh smtp dns http https pop3
althttp rsync webmin" accept
client all accept
(the last here is an extra ssh service for emergent admin access)
We continually get hit hundreds of "requests" of the sort
"sshd: Illegal user admin from 18.104.22.168
sshd: Failed password for illegal user admin from 22.214.171.124
port 48594 ssh2"
from a variety of sources.
Should we and if so, could we easily block these higher unused ports?
We have been looking at ways to ease the firewall scripts etc.. and so
far after trying all the others in Sarge firehol wins hands down - it is
Thanks for any advice or observations.
Also is there any book that we can buy/read that covers firehol and how
it works etc.. with iptables - so as to get more understanding?
More information about the Firehol-support