[Fedora] Re: Blocking SSH ... BUT...
Mike Wright
mike.wright at mailinator.com
Tue Sep 18 19:09:50 UTC 2007
Ashley M. Kirchner wrote:
> Mike Wright wrote:
>
>> Allow your subnets before the above rules. Here's a sample rule:
>>
>> -A INPUT -s 10.0.0.0/24 -p tcp --dport 22 --syn -j ACCEPT
>> # subnet ^^^^^^^^^^^
>>
>> You'd need one rule for each subnet.
>>
>> hth
>
>
> Awesome Mike, that worked like a charm. Thanks!
Very welcome.
>
> Somewhat related question: would the same rules work for ftp attacks
> as well? Obviously replacing the port number with 21, but would they
> work? Duplicate the lines, replace port and hope that ftp also gets
> curbed the same way?
>
I think so. I know that there are connection tracking issues with ftp
but I don't think that applies here. Each connection starts with an
initial NEW packet.
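As an added example that is not part of the original thread, a small POSIX shell generator for the per-subnet ACCEPT lines the reply describes, covering both port 22 and port 21 so the output can be placed ahead of whatever throttling rules follow; the subnets, ports and function names below are constructed for illustration:

```shell
#!/bin/sh
# Added example, not from the original thread. Emits one
# "-A INPUT -s SUBNET -p tcp --dport PORT --syn -j ACCEPT" line per
# (port, subnet) pair, in the form used in the reply above. Only the
# initial SYN of each new connection is matched, so FTP data connections
# (tracked separately by the ftp conntrack helper) are not covered here.

# Validate a dotted-quad/prefix CIDR such as 10.0.0.0/24 (prefix 0-32).
valid_cidr() {
    case "$1" in
        */*) ;;
        *) return 1 ;;
    esac
    ip=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_allow_rules PORT... -- SUBNET...
# Prints one ACCEPT rule per (port, subnet) pair; a malformed subnet
# aborts with a message on stderr and a non-zero status.
gen_allow_rules() {
    ports=""
    while [ $# -gt 0 ] && [ "$1" != "--" ]; do
        ports="$ports $1"; shift
    done
    [ "$1" = "--" ] && shift   # drop the separator, if present
    for subnet; do
        valid_cidr "$subnet" || { echo "bad subnet: $subnet" >&2; return 1; }
        for port in $ports; do
            echo "-A INPUT -s $subnet -p tcp --dport $port --syn -j ACCEPT"
        done
    done
}

# Sample run: SSH and FTP rules for two constructed trusted subnets.
gen_allow_rules 22 21 -- 10.0.0.0/24 192.168.1.0/24
```

The printed lines are meant to go above the rate-limiting rules in an iptables-restore file (or be applied with `iptables -I`), since the first matching rule wins.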