[CentOS] Iptables questions

Keith Roberts keith at karsites.net
Tue Aug 10 22:08:43 UTC 2010


On Tue, 10 Aug 2010, John R Pierce wrote:

> To: CentOS mailing list <centos at centos.org>
> From: John R Pierce <pierce at hogranch.com>
> Subject: Re: [CentOS] Iptables questions
>
>  On 08/10/10 1:30 PM, Bob Hoffman wrote:
>> 1) I have switched my SSH to a different port. I would like to still check
>> for anyone trying to hit the old port 22 and log them. At the same time add
>> them to a reject/ban for a certain period of time, let's say 1 day.
>
> If nothing is listening on that port, then what's to 'ban'?

I think what Bob wants to do is to move his sshd to another 
non-standard port, and leave port 22 open. Then see what's 
trying to access that. I guess you could run another 
'dummy-sshd' type program to listen on port 22, in place of 
the real sshd, and then log all incoming packets on that 
port?

IIRC sshd logs all connection attempts anyway?

IPtables can log packets coming in to any particular port. I 
don't think the port needs to be open for IPtables to log a 
packet headed for that particular port?

I log ALL packets coming into my firewall, and then purge the 
logs with a cron job every 24 hours.

Kind Regards,

Keith Roberts

-----------------------------------------------------------------
Websites:
http://www.php-debuggers.net
http://www.karsites.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------
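The logging side of Keith's suggestion, as an added example that is not from this thread: a small Python script (all names, the "OLD-SSH: " prefix and the sample log lines are assumptions constructed for this example) that parses what an iptables LOG rule on the old port 22 writes to syslog, counts new connection attempts per source, and lists the sources that would be banned for a day, the decision Bob asks about.

```python
import re
from datetime import datetime, timedelta
# Constructed lines in the format the iptables LOG target writes to the kernel log
# (reaching /var/log/messages via syslog), assuming a rule such as
#   iptables -A INPUT -p tcp --dport 22 -j LOG --log-prefix "OLD-SSH: "
SAMPLE_LOG = """\
Aug 10 21:55:01 fw kernel: OLD-SSH: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12345 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 10 21:55:03 fw kernel: OLD-SSH: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12346 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 10 21:57:40 fw kernel: OLD-SSH: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12347 DF PROTO=TCP SPT=51236 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 10 22:01:12 fw kernel: OLD-SSH: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.44 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=777 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 10 22:03:09 fw sshd[2210]: Accepted publickey for admin from 192.0.2.44 port 40001 ssh2
Aug 10 22:08:43 fw kernel: OLD-SSH: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=51236 DPT=22 WINDOW=5840 RES=0x00 ACK URGP=0
"""

LOG_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: (?P<prefix>.*?)IN=(?P<rest>.*)$")

def parse_iptables_log(line, year=2010):
    """Field dict for an iptables LOG line, None otherwise; syslog has no year, so it is passed in."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = {"ts": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
           "prefix": m["prefix"].strip(), "flags": set()}
    for tok in ("IN=" + m["rest"]).split():
        if "=" in tok:
            k, v = tok.split("=", 1)
            rec[k] = v                      # OUT= yields an empty string
        else:
            rec["flags"].add(tok)           # bare tokens: DF, SYN, ACK, ...
    return rec

def old_port_hits(log_text, port="22", year=2010):
    """Per-source count and first/last time of new TCP attempts (SYN without ACK) to the old port."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse_iptables_log(line, year)
        if not rec or rec.get("PROTO") != "TCP" or rec.get("DPT") != port:
            continue
        if "SYN" not in rec["flags"] or "ACK" in rec["flags"]:
            continue                        # mid-stream packets are not attempts
        h = hits.setdefault(rec["SRC"], {"count": 0, "first": rec["ts"], "last": rec["ts"]})
        h["count"] += 1
        h["last"] = max(h["last"], rec["ts"])
    return hits

def ban_candidates(hits, min_hits=3, ban_for=timedelta(days=1)):
    """Sources with at least min_hits attempts, mapped to a ban expiry counted from the
    first hit (the same clock `-m recent --seconds 86400 --rcheck` applies in a live rule set)."""
    return {src: h["first"] + ban_for for src, h in hits.items() if h["count"] >= min_hits}
```

Nothing here needs the port to be open: the LOG rule fires on the packet before any listener is consulted, which is the point Keith makes above.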


