[CentOS] Iptables questions

Tue Aug 10 23:12:59 UTC 2010
Bob Hoffman <bob at bobhoffman.com>

Forgive me if this does not go with the right topic, I am on digest and
responding to a topic sometimes makes it start a new one.

My reason for the iptables questions is to not follow the practice of
putting up a wall and ignoring hackers.
I want to be more proactive.

If I have set my ssh port to 55994 and am not using port 22, but hackers are
pounding on my port 22 looking for ssh, then I want to not only know about it,
I want to log them and prevent them access to my server and web applications.
At least temporarily.

I see now that many of the programs are log users and not real time. And
many like fail2ban actually add chains to iptables that I could do myself.
It looks like getting some books on netfilter may be the way to go.

I would rather stop stuff at the firewall than trust apache, php, sendmail,
vsftp, etc. I would rather use them as backup failsafes while I work on
hack proofing the single point of entry.

I have a server sitting right on the net and the constant barrage of 100s of
IPs trying thousands of times at port 22 is insane.
I examine my logs and see so much in the way of dns poison attacks,
ssh-mail-ftp, etc attacks that I do not want to just sit back and
think I am fine because I have a firewall and CentOS will send me bug fixes.

That firewall seems like the 100% way of going at stopping and preventing
issues.
If an IP is doing something it should not be doing, most likely you do not
want it probing anything else either.

That's why I ask.
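The kind of netfilter rule set the post is asking about, as an added example that is not part of the original thread and not something the poster or the list wrote: new TCP connections to the unused port 22 are logged (rate-limited) and the source address is put into an xt_recent list, and a first INPUT rule then drops every packet from any address in that list for BLOCK_SECONDS, on all ports, which matches the "do not want it probing anything else either" requirement. It assumes sshd really listens on 55994 as the post states, IPv4, a kernel with the recent and conntrack modules, and root to apply; ADMIN_CIDR is a constructed placeholder for the administrator's own address so the rules cannot lock out the person applying them. By default the script only prints the commands (DRYRUN=1); set DRYRUN=0 to apply them.

```shell
#!/bin/sh
# Added example (not from the original thread): log new connections to the
# decoy port 22 and temporarily drop all traffic from the probing source.
# Assumptions: sshd listens on 55994 (from the post), IPv4 filter table,
# xt_recent + conntrack available, run as root when DRYRUN=0.

IPT="${IPT:-iptables}"                    # iptables binary (overridable)
BLOCK_SECONDS="${BLOCK_SECONDS:-3600}"    # how long a probing source stays blocked
ADMIN_CIDR="${ADMIN_CIDR:-192.0.2.10/32}" # constructed placeholder: your own address
DRYRUN="${DRYRUN:-1}"                     # 1 = print the commands, 0 = apply them

# Print one iptables command exactly as it would be executed.
show() {
    printf '%s' "$IPT"
    for arg; do printf ' %s' "$arg"; done
    printf '\n'
}

# Run (or, in dry-run mode, print) an iptables command.
run() {
    if [ "$DRYRUN" = "1" ]; then show "$@"; else "$IPT" "$@"; fi
}

# ensure CHAIN POS RULE... : insert RULE at position POS unless an identical
# rule already exists, so re-running the script does not stack duplicates.
ensure() {
    chain=$1; pos=$2; shift 2
    if [ "$DRYRUN" = "1" ]; then
        show -I "$chain" "$pos" "$@"
    else
        "$IPT" -C "$chain" "$@" 2>/dev/null || "$IPT" -I "$chain" "$pos" "$@"
    fi
}

ssh_probe_rules() {
    # A dedicated chain keeps probe handling separate from the rest of INPUT.
    run -N PROBE_22 2>/dev/null || true
    run -F PROBE_22

    # 1. Any source already in the 'probe22' recent list within BLOCK_SECONDS
    #    is dropped on every port. --update refreshes its timestamp, so a host
    #    that keeps probing keeps its block. The admin address is exempt.
    ensure INPUT 1 ! -s "$ADMIN_CIDR" -m recent --name probe22 --update \
        --seconds "$BLOCK_SECONDS" -j DROP

    # 2. New TCP connections to the decoy port 22 are handed to PROBE_22.
    ensure INPUT 2 -p tcp --dport 22 -m conntrack --ctstate NEW -j PROBE_22

    # 3. Record the source, log it (rate-limited so a flood cannot fill the
    #    disk; the kernel log line starts with "PROBE22:"), then drop the SYN.
    run -A PROBE_22 ! -s "$ADMIN_CIDR" -m recent --name probe22 --set
    run -A PROBE_22 -m limit --limit 6/min --limit-burst 10 \
        -j LOG --log-level warning --log-prefix "PROBE22: "
    run -A PROBE_22 -j DROP
}

ssh_probe_rules
```

Hosts currently blocked can be inspected in /proc/net/xt_recent/probe22, and the logged probes show up in the kernel log with the PROBE22: prefix, which is the real-time record the post asks for without a separate log-watching daemon. Because rule 1 sits at the top of INPUT, an exempt administrator address is essential: a mistyped port from your own workstation would otherwise put you on the block list for BLOCK_SECONDS.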