iptables with logging vs denyhosts
dwoody5654
dwoody5654 at gmail.com
Tue Jul 7 03:35:51 UTC 2015
I have been using denyhosts for almost a year. To date I have only
prevented one person logging in and that is ME ( I used the wrong login
name).
Also, I know of no successful break-ins.
My iptables is as follows:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N block
-A INPUT -j block
-A FORWARD -j block
-A block -i wifi_card -p tcp -m tcp --dport 12123 -j ACCEPT
-A block -i Nic_external -p tcp -m tcp --dport 12123 -j ACCEPT
-A block -i Nic_enternal -j ACCEPT
-A block -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A block -i lo -m conntrack --ctstate NEW -j ACCEPT
-A block -j DROP
First, I think that the above will keep the bad guys out, Is that a true
statement?
Sencondly, I have added a LOG rule just above the DROP rule and I have
been monitoring it for about 1 1/2 weeks. As each entry is logged I have
been adding it to /etc/hosts.deny. Currently there are 4318 ip adresses
in the file and the number of packets that have been logged is 51592.
Denyhosts is for stopping ssh attempts and nothing else as I understand it.
Having over 4300 lines in /etc/hosts.deny causes almost no delay in
logging in remotely.
Am I being to paranoid about keeping the bad guys out or is the iptable
above completely adequate?
I would very much like to here your opinion on this,
David
More information about the users
mailing list