LinuxQuestions.org - [SOLVED] iptables not blocking ssh attempts

- Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)

- - iptables not blocking ssh attempts (https://www.linuxquestions.org/questions/linux-networking-3/iptables-not-blocking-ssh-attempts-4175458558/)

iptables not blocking ssh attempts

Logcheck keeps warning me about ssh unauthorised connection attempts from a particular IP address, so, to cut down the noise, I put in an iptables rule to block it.

Code:

# iptables -s iptables -A INPUT  -s 94.31.197.10 -j DROP

# iptables -L

Chain INPUT (policy ACCEPT)

target    prot opt source              destination

ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:ssh

DROP      all  --  10.197-31-94.telenet.ru  anywhere

Yet auth.log still shows connection attempts. How is this getting through iptables? Is it perhaps the ACCEPT rule? If so, how do I put a narrow DROP rule ahead of a broad ACCEPT rule?

Thanks for any help.

The DROP is after the
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
so the accept rule applies first and the Drop never gets applied
yes You really need to insert the before the accept and you need to edit the iptables file so that it is permenant

for example I think this is closer to what you want

[CODE]# iptables -s iptables -I INPUT 1 -s 94.31.197.10 -j DROP

Quote:

Originally Posted by padeen (Post 4933689)

Logcheck keeps warning me about ssh unauthorised connection attempts from a particular IP address, so, to cut down the noise, I put in an iptables rule to block it.

Code:

# iptables -s iptables -A INPUT  -s 94.31.197.10 -j DROP

# iptables -L

Chain INPUT (policy ACCEPT)

target    prot opt source              destination

ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:ssh

DROP      all  --  10.197-31-94.telenet.ru  anywhere