Thanks Xan, problem is I can enter the rules, but can't list them and it doesn't appear to be working, though I really don't want to lock myself out to test.
| Linode Forum https://forum.linode.com/ |
|
| iptables problem **SOLVED** https://forum.linode.com/viewtopic.php?f=19&t=3310 |
Page 1 of 1 |
| Author: | treybrown [ Fri Jun 06, 2008 7:31 pm ] |
| Post subject: | iptables problem **SOLVED** |
I am trying to create a few simple rules to cut down on the number of SSH bruteforce attempts and am having issues. After I create the rules I am attempting to use "iptables --list" to make sure they are there/correct, but am receiving the following. Code: $ iptables --list I probably overlooked something easy, but still can't get it :S |
|
| Author: | jacko [ Fri Jun 06, 2008 8:12 pm ] |
| Post subject: | |
use a different port. The second I changed my port to something other then 22 all that activity stopped. I would also suggest knockd if u really wanna hide your sshd. edit: I think the error is because u have yet to save the rules file. You create the rules file, but until u save it and restart daemon nothing will happen. What distro are u using?? In arch the command is Code: /etc/rc.d/iptables save |
|
| Author: | jacko [ Fri Jun 06, 2008 8:15 pm ] |
| Post subject: | |
my bad, I always like to leave links to the info I use... arch wiki is one to none if u ask me. http://wiki.archlinux.org/index.php/Sim ... ith_knockd |
|
| Author: | treybrown [ Fri Jun 06, 2008 8:55 pm ] |
| Post subject: | |
I am using Ubuntu Hardy. Thanks for the info on knockd will check it out. |
|
| Author: | Xan [ Fri Jun 06, 2008 10:06 pm ] |
| Post subject: | |
My preferred solution is the relatively new "recent" feature in iptables. It can block any new SSH attempt from an IP which has made 3 in the previous five minutes. It really puts the brakes on the brute force attacks. Code: iptables -N SSHSCAN See http://www.ducea.com/2006/06/28/using-iptables-to-block-brute-force-attacks/ You probably want to whitelist your own home IP first. |
|
| Author: | treybrown [ Fri Jun 06, 2008 10:38 pm ] |
| Post subject: | |
Thanks Xan, problem is I can enter the rules, but can't list them and it doesn't appear to be working, though I really don't want to lock myself out to test.
|
|
| Author: | kangaby [ Sat Jun 07, 2008 6:46 am ] |
| Post subject: | |
treybrown wrote: I really don't want to lock myself out to test.
Just use the console from your members login if you do. Don't underestimate the power of the console. I don't even run sshd. |
|
| Author: | mwalling [ Sun Jun 08, 2008 11:19 am ] |
| Post subject: | Re: iptables problem |
treybrown wrote: I am trying to create a few simple rules to cut down on the number of SSH bruteforce attempts and am having issues. After I create the rules I am attempting to use "iptables --list" to make sure they are there/correct, but am receiving the following.
Code: $ iptables --list I probably overlooked something easy, but still can't get it :S are you root? |
|
| Author: | SteveG [ Sun Jun 08, 2008 1:52 pm ] |
| Post subject: | |
That message usually means that the appropriate iptables modules haven't been loaded...but Linode kernels have these built in. But even weirder, it seems that you should have gotten errors while creating the rules, not just when listing. I just tried this at home, and just running 'iptables --list" caused the modules to load...Hmmmm. Is your linode Xen or UML? |
|
| Author: | zunzun [ Sun Jun 08, 2008 2:23 pm ] |
| Post subject: | |
jacko wrote: You create the rules file, but until u save it and restart daemon nothing will happen.
Would it be more consistent to write: U create the rules file, but until u save it... than to mix "you" and "u"? James |
|
| Author: | treybrown [ Tue Jun 10, 2008 12:55 pm ] |
| Post subject: | Re: iptables problem |
mwalling wrote: are you root?
 OK, wow...I can't imagine why I didn't do this as root
Thanks for all the help everyone. |
|
| Author: | chacham [ Sun Jun 15, 2008 12:30 pm ] |
| Post subject: | |
kangaby wrote: Don't underestimate the power of the console. I don't even run sshd.
I never thought of that. Just don't run sshd and use the website to login. If i wanted to use putty, i could login to turn sshd on. Are the any perceived downsides to that? The only one i can think of is if i didn't have a browser available. |
|
| Author: | sweh [ Sun Jun 15, 2008 5:23 pm ] |
| Post subject: | |
You don't even need to use the website; you can ssh directly to the console; eg if you are on host72 then "ssh host72.linode.com -l your_linode_username" (or use putty or whatever) will get you direct access to the lish interface, which connects you to the console port. |
|
| Author: | kangaby [ Sun Jun 15, 2008 10:47 pm ] |
| Post subject: | |
chacham wrote: The only one i can think of is if i didn.t have a browser available.
I use Putty to connect directly to the lish console on the host of my Linode. (Members area has details on how to do this for your account) Sometimes it will slowdown, when the host is doing lots of stuff I guess, but other than that, it works a treat. I've only ever used the Ajax console once from work, where putty (ssh) is blocked by our firewall, and that worked as well. |
|
| Author: | chacham [ Tue Jun 17, 2008 4:38 pm ] |
| Post subject: | |
Wow, thanx for the great idea. I just installed fail2ban, to see how that works out. I may just use this idea instead. |
|
| Page 1 of 1 | All times are UTC-04:00 |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|