[CentOS] filtering ssh regardless of the port
bazy at goofy.celuloza.ro
Wed Sep 19 14:54:10 UTC 2007
David G. Miller wrote:
> David Hrb?c( <hrbac.conf at seznam.cz> wrote:
>> Bazy napsal(a):
>>> > And yes... I will use layer 7 filtering.
>>> > http://l7-filter.sourceforge.net/protocols
>>> > > Patch my kernel, my iptables, and "iptables -A INPUT -m layer7
>>> > ssh -j DROP" ;)
>> Yes, the only way.
> Silly question. If you're just going to drop all ssh connection
> attempts, wouldn't it be easier to just not start sshd? Ditto for
> telnet, etc? No service means nothing to connect to.
Sorry, I ment -A FORWARD. My Linux box is a router.
More information about the CentOS