[Firehol-support] sshlack

shi ryu shiryu38 at gmail.com
Sat Aug 23 11:30:30 CEST 2008


Hi Folks,

Yet another question... my mind is actually shared between fail2ban and
sshblack to perform the blacklisting work.
My server is basically a web server, so I may also face non-SSH attacks.

Any advice?

Best Regards,
Shiryu


>
>   2008/8/20 Martin Minka <martin.minka at gmail.com>
>
>> it is up to you how you change $ADDRULE and $DELRULE in sshblack.pl
>>
>> be aware that you need to restart firehol after you change your blacklist
>> file
>>
>> or combine my and your approach and change in sshblack.pl:
>>
>> my($ADDRULE) = 'echo "ipaddress" >> /etc/firehol/blacklist; /sbin/iptables -I BLACKLIST -s ipaddress -j DROP';
>> my($DELRULE) = ''; # IP will stay blocked until you delete it manually
>>
>> don't forget to add to the beginning of your /etc/firehol/firehol.conf
>>
>> iptables -N BLACKLIST
>> iptables -A INPUT -p tcp -m tcp --dport 22 --syn -j BLACKLIST
>>
>>
>>
>> shi ryu wrote:
>>
>>> Thanks Martin,
>>>  I'm actually not very familiar with iptables and I am already using the
>>> blacklist feature of firehol.
>>>  Here is what I have currently in my firehol.conf :
>>>  - blacklist these `cat /etc/firehol/blacklist`
>>>  and then the plain text file /etc/firehol/blacklist where I add manually
>>> the IPs to be blacklisted.
>>>  Is there a way that I can have sshblack adding its IP addresses to the
>>> same file (/etc/firehol/blacklist) I am using now?
>>>  Rgds,
>>>
>>>
>>>  2008/8/20 Martin Minka <martin.minka at gmail.com>
>>>
>>>    I am using this in my firehol.conf:
>>>
>>>    # add support for sshblack.sh
>>>    iptables -N BLACKLIST
>>>    iptables -A INPUT -p tcp -m tcp --dport 22 --syn -j BLACKLIST
>>>
>>>    On Wed, Aug 20, 2008 at 9:14 AM, shi ryu <shiryu38 at gmail.com> wrote:
>>>
>>>        Hi there,
>>>
>>>        has anyone ever tried to use SSHBlack
>>>        (http://www.pettingers.org/code/sshblack.html) in a firehol
>>>        context ?
>>>        That tool looks awesome to automatically block SSH brute forces
>>>        and it uses IPtables to perform its job.
>>>
>>>        Best Regards,
>>>
>>>        Shiryu.
>>>
>
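
A validating, idempotent stand-in for the `echo "ipaddress" >> /etc/firehol/blacklist; /sbin/iptables -I BLACKLIST ...` rule quoted above, as an added example that is not part of any post in this thread nor of sshblack or FireHOL. The function names and the `BLACKLIST_FILE` / `IPTABLES` override variables are assumptions, and it assumes an iptables recent enough to support `-C`.

```shell
#!/bin/sh
# Added example (not from the thread). Because firehol.conf expands the file
# with `cat`, every line in it becomes a firewall argument, so only
# well-formed IPv4 addresses are written and each one is written once.
BLACKLIST_FILE="${BLACKLIST_FILE:-/etc/firehol/blacklist}"
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Return 0 only for a dotted quad whose four octets are each 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Record the address in the blacklist file and block it immediately.
# Returns 0 when added or already present, 2 when the input is rejected.
blacklist_add() {
    ip=$1
    is_ipv4 "$ip" || { echo "rejected: $ip" >&2; return 2; }
    touch "$BLACKLIST_FILE"
    # -x whole line, -F literal: 10.0.0.1 must not match 10.0.0.10
    if ! grep -qxF "$ip" "$BLACKLIST_FILE"; then
        echo "$ip" >> "$BLACKLIST_FILE"
    fi
    # -C tests for an existing rule, so repeated hits do not stack duplicates
    if ! "$IPTABLES" -C BLACKLIST -s "$ip" -j DROP 2>/dev/null; then
        "$IPTABLES" -I BLACKLIST -s "$ip" -j DROP
    fi
}

# Stand-alone use: pass the offending address as the only argument.
if [ "$#" -gt 0 ]; then
    blacklist_add "$1"
fi
```

Saved under a path of your choosing (for example a hypothetical `/usr/local/sbin/blacklist-add`), it can be named in `$ADDRULE` in sshblack.pl with the `ipaddress` placeholder as its argument.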