[CentOS] filtering ssh regardless of the port

Wed Sep 19 14:54:10 UTC 2007
Bazy <bazy at goofy.celuloza.ro>

David G. Miller wrote:
> David Hrbáč <hrbac.conf at seznam.cz> wrote:
> 
>> Bazy wrote:
>>> > And yes... I will use layer 7 filtering.
>>> > http://l7-filter.sourceforge.net/protocols
>>> > Patch my kernel, my iptables, and "iptables -A INPUT -m layer7 --l7proto ssh -j DROP"  ;)
>>
>> Yes, the only way.
>> D.
> Silly question.  If you're just going to drop all ssh connection
> attempts, wouldn't it be easier to just not start sshd?  Ditto for
> telnet, etc?  No service means nothing to connect to.
> 
> Cheers,
> Dave
> 

Sorry, I meant -A FORWARD. My Linux box is a router.
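
What a port-independent match such as the `--l7proto ssh` rule quoted above has to key on, shown as an added example that is not part of the original thread and is not l7-filter's own pattern or code. It assumes the filter inspects the first bytes of each forwarded TCP stream for the RFC 4253 identification string; the function names and sample flows are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: each side opens the connection with
# "SSH-protoversion-softwareversion" ended by CR LF. A server may send
# other text lines before it, so more than the first line is checked.
SSH_IDENT = re.compile(rb"^SSH-(1\.\d+|2\.0)-[\x21-\x7e]+")


def is_ssh(first_bytes: bytes, max_lines: int = 8) -> bool:
    """True if the start of a TCP stream carries an SSH identification string."""
    for line in first_bytes[:1024].split(b"\n")[:max_lines]:
        if SSH_IDENT.match(line.rstrip(b"\r")):
            return True
    return False


def verdict(dst_port: int, first_bytes: bytes) -> str:
    """Decision for a forwarded flow. dst_port is deliberately ignored:
    the match is on payload, which is what makes it port-independent."""
    return "DROP" if is_ssh(first_bytes) else "ACCEPT"


# Constructed sample flows: (destination port, first bytes seen on the stream)
SAMPLES = [
    (22, b"SSH-2.0-OpenSSH_4.3\r\n"),                    # sshd on the usual port
    (443, b"SSH-2.0-OpenSSH_4.3\r\n"),                   # sshd moved to 443
    (8080, b"Welcome\r\nSSH-1.99-Example_1.0\r\n"),      # banner line, then ident
    (22, b"GET / HTTP/1.1\r\nHost: example.test\r\n"),   # not SSH, but on port 22
    (25, b"220 mail.example.test ESMTP\r\n"),            # SMTP greeting
]


def classify_samples():
    """Return [(port, verdict), ...] for the constructed flows above."""
    return [(port, verdict(port, data)) for port, data in SAMPLES]


if __name__ == "__main__":
    for port, decision in classify_samples():
        print(f"dst port {port:>5}: {decision}")
```

A port-based rule would drop the HTTP flow on port 22 and pass the SSH flows on 443 and 8080; the payload match does the reverse, and it only sees the identification string while it is sent in cleartext.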