[CentOS] Simple way to banish IP addresses ?

Toby Bluhm tkb at alltechmedusa.com
Fri Oct 9 20:01:50 UTC 2009

Toby Bluhm wrote:
> Niki Kovacs wrote:
>> Hi,
>> I just set up a web server... and my bandwidth is being eaten by some 
>> Chinese folks trying to brute-force-ssh their way into the machine.
>> Is there a simple way to banish either single IP addresses or, maybe 
>> even better, whole IP classes ? I know it's feasible with iptables, but 
>> is there something more easily configurable ?
>> Cheers,
> Try fail2ban from rpmforge.

Also, if you're using the standard fw that ships with CentOS, you can 
stop entire blocks of IPs by manually inserting rules after iptables starts:

iptables -I RH-Firewall-1-INPUT 1 -s <address/mask> -p tcp --dport 22 -j DROP

IP ranges by country:

The IP ranges will change from time to time, so you have to check often.
You could script in a download from
http://www.countryipblocks.net/continents/ to keep it current.

Like someone said, if you have to keep ssh open to the world, changing 
the port number will dramatically cut down on the attempts.
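
The scripted refresh suggested in the post above, as an added example that is not part of the original message: it validates a list of address blocks that has already been downloaded and prints the iptables commands that rebuild a dedicated chain. The chain name SSH-BLOCK and the one-entry-per-line input format are assumptions, and the sample entries are constructed.

```sh
#!/bin/sh
# Added example: print (not run) iptables commands that rebuild a block list.
# Assumptions: one IPv4 address or CIDR per line, '#' starts a comment.
CHAIN="SSH-BLOCK"               # hypothetical chain name, not from the post
PARENT="RH-Firewall-1-INPUT"    # stock CentOS chain named in the post

# Succeed only for a strict dotted quad with an optional /0../32 mask.
valid_cidr() {
    case $1 in
        */*) ip=${1%/*}; mask=${1#*/} ;;
        *)   ip=$1; mask=32 ;;
    esac
    case $mask in ''|*[!0-9]*|???*|0?*) return 1 ;; esac
    [ "$mask" -le 32 ] || return 1
    case $ip in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ????*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Read the list on stdin; write the rebuild commands to stdout.
gen_rules() {
    # Create the chain on first use, empty it on every refresh.
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                              # drop comments
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # drop whitespace
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            echo "iptables -A $CHAIN -s $line -j DROP"
        else
            echo "skipped invalid entry" >&2
        fi
    done
    # Keep exactly one jump for SSH traffic at the top of the stock chain.
    echo "iptables -D $PARENT -p tcp --dport 22 -j $CHAIN 2>/dev/null"
    echo "iptables -I $PARENT 1 -p tcp --dport 22 -j $CHAIN"
}

# Constructed sample list (documentation ranges); the last two are rejected.
gen_rules <<'EOF'
# constructed sample
192.0.2.0/24
198.51.100.7   # single host
203.0.113.0/33
10.0.0.1;reboot
EOF
```

Review the printed commands before piping them to `sh` as root. Because every entry is validated first, a tampered or malformed list cannot inject shell syntax into the generated rules.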

