[CentOS] firewall questions

Tue Jun 23 12:26:09 UTC 2020
tbuchanan at vinu.edu <tbuchanan at vinu.edu>

Working on it.  Some other issues got in the way of testing.


-- 
Ted Buchanan
Computer/Network Analyst - Vincennes University
tbuchanan at vinu.edu



From:   "Jon LaBadie" <jcu at labadie.us>
To:     "Jon LaBadie" <centos at centos.org>
Date:   06/22/2020 04:57 PM
Subject:        Re: [CentOS] firewall questions
Sent by:        "CentOS" <centos-bounces at centos.org>



On Sun, Jun 21, 2020 at 02:33:18PM -0500, Chuck Campbell wrote:
> I'm running CentOS 7.8.2003, with firewalld.
> 
> I was getting huge numbers of ssh attempts per day from a few specific
> IP blocks.
> 
> The offenders are 45.0.0.0/24, 49.0.0.0/24, 51.0.0.0/24, 111.0.0.0/24
> and 118.0.0.0/24, and they amounted to multiple thousands of attempts
> per day. I installed and configured fail2ban, but still saw a lot of
> attempts in the logs, and the ipset created was filling up.
> 
What type of ipset did you create, perhaps hash:ip where individual
addresses are listed?  If so, consider switching to hash:net which
uses CIDR style entries.  Individual addresses become 1.2.3.4/32
but blocks can be included with a single entry.  My ipset has about
40,000 entries, but covers millions of IP addresses.

If you do switch look on the net for a program called "cidrmerge".
It takes a list of IP addresses and CIDR networks, sorts them
and merges multiple entries into a single network where possible.

Jon
-- 
Jon H. LaBadie                  jcu at labadie.us
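
Added example (not part of the original thread, and not cidrmerge's own code): the merge step described above, done with Python's standard ipaddress module, with the result rendered as input for `ipset restore` into a hash:net set. The set name "blocklist", the maxelem value and the sample addresses (RFC 5737 documentation ranges) are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample input: a mix of single addresses and CIDR blocks,
# as might be exported from a hash:ip set or collected from logs.
SAMPLE = """\
192.0.2.10
192.0.2.11
198.51.100.0/25
198.51.100.128/25
203.0.113.77/24   # host bits set; normalised to 203.0.113.0/24
203.0.113.5       # already covered by the /24 above
not-an-address
"""

def parse_entries(text):
    """Return (networks, rejected) from lines holding an IPv4 address or CIDR."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        try:
            # strict=False masks off host bits instead of raising;
            # a bare address becomes a /32 network.
            nets.append(ipaddress.IPv4Network(line, strict=False))
        except ValueError:
            rejected.append(line)             # keep for review, never guess
    return nets, rejected

def merge(nets):
    """Sort, drop entries covered by a larger block, join adjacent blocks."""
    return list(ipaddress.collapse_addresses(nets))

def ipset_restore(nets, name="blocklist"):
    """Render merged networks as a script for `ipset restore`."""
    lines = [f"create {name} hash:net family inet maxelem 65536"]
    lines += [f"add {name} {n}" for n in nets]
    return "\n".join(lines) + "\n"

def summary(text):
    """Entry counts before and after merging, plus addresses covered."""
    nets, rejected = parse_entries(text)
    merged = merge(nets)
    covered = sum(n.num_addresses for n in merged)
    return {"input": len(nets), "merged": len(merged),
            "addresses": covered, "rejected": rejected}

if __name__ == "__main__":
    parsed, _ = parse_entries(SAMPLE)
    print(summary(SAMPLE))
    print(ipset_restore(merge(parsed)), end="")
```

Review the rejected list before loading the set; a malformed line silently dropped is a block that never takes effect.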