[Firehol-support] sshlack

Martin Minka martin.minka at gmail.com
Wed Aug 20 16:03:27 BST 2008


it is up to you how you change $ADDRULE and $DELRULE in sshblack.pl

be aware that you need to restart firehol after you change your 
blacklist file

or combine my and your aproach and change in sshblack.pl:

my($ADDRULE) = 'echo "ipaddress" >> /etc/firehol/blacklist; 
/sbin/iptables -I BLACKLIST -s ipaddress -j DROP';
my($DELRULE) = ''; # IP will be blocked until you dont delete it manualy

don't forget to add to begin of your /etc/firehol/firehol.conf

iptables -N BLACKLIST
iptables -A INPUT -p tcp -m tcp --dport 22 --syn -j BLACKLIST



shi ryu wrote:
> Thanks Martin,
>  
> I'm actually not very familiar to IPtables and I am already using the 
> blacklist feature of firehol.
>  
> Here is what I have currently in my firehol.conf :
>  
> - blacklist these `cat /etc/firehol/blacklist`
>  
> and then the plain text file /etc/firehol/blacklist where I add manually 
> the IPs to be blacklisted.
>  
> Is there a way that I can have sshblack adding its ip addresses to the 
> same file (etc/firehol/blacklist ) I am using now ?
>  
> Rgds,
>  
> 
> 
>  
> 2008/8/20 Martin Minka <martin.minka at gmail.com 
> <mailto:martin.minka at gmail.com>>
> 
>     I am using this in my firehol.conf:
> 
>     # add support for sshblack.sh
>     iptables -N BLACKLIST
>     iptables -A INPUT -p tcp -m tcp --dport 22 --syn -j BLACKLIST
> 
>     On Wed, Aug 20, 2008 at 9:14 AM, shi ryu <shiryu38 at gmail.com
>     <mailto:shiryu38 at gmail.com>> wrote:
> 
>         Hi there,
> 
>         has anyone ever tried to use SSHBlack
>         (http://www.pettingers.org/code/sshblack.html) in a firehol
>         context ?
>         That tool looks awesome to automatically block SSH brute forces
>         and it uses IPtables to perform its job.
> 
>         Best Regards,
> 
>         Shiryu.
> 
>         -------------------------------------------------------------------------
>         This SF.Net email is sponsored by the Moblin Your Move
>         Developer's challenge
>         Build the coolest Linux based applications with Moblin SDK & win
>         great prizes
>         Grand prize is a trip for two to an Open Source event anywhere
>         in the world
>         http://moblin-contest.org/redirect.php?banner_id=100&url=/
>         <http://moblin-contest.org/redirect.php?banner_id=100&url=/>
>         _______________________________________________
>         Firehol-support mailing list
>         Firehol-support at lists.sourceforge.net
>         <mailto:Firehol-support at lists.sourceforge.net>
>         https://lists.sourceforge.net/lists/listinfo/firehol-support
> 
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5627 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.firehol.org/pipermail/firehol-support/attachments/20080820/e6688be9/attachment-0003.bin>


More information about the Firehol-support mailing list