[CentOS] Intrusion Attempt Prevension - iptables problems
Marko A. Jennings
markobiz at bluegargoyle.com
Mon Jan 12 18:45:46 UTC 2009
On Mon, January 12, 2009 1:37 pm, James B. Byrne wrote:
> I have these rules in effect:
> 1 DROP all -- 22.214.171.124/24 anywhere
> 2 DROP all -- 126.96.36.199/24 anywhere
> Note particularly line 2.
> Now, notwithstanding the above, I see this in my /var/log/secure file:
> Jan 12 13:36:02 inet01 sshd: Received disconnect from
> 188.8.131.52: 11: Bye Bye
> Jan 12 13:36:13 inet01 sshd: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=avalon.aty-group.com
> Jan 12 13:36:15 inet01 sshd: Failed password for root from
> 184.108.40.206 port 38722 ssh2
> What is wrong with my IPTABLES rules that this connection is permitted?
Your netmask. You might want to consider changing it to /16.
More information about the CentOS