LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-17-2013, 11:32 PM   #1
padeen
Member
 
Registered: Sep 2009
Location: Perth, W.A.
Distribution: Slackware, Debian, Gentoo, FreeBSD, OpenBSD
Posts: 208

Rep: Reputation: 41
iptables not blocking ssh attempts


Logcheck keeps warning me about ssh unauthorised connection attempts from a particular IP address, so, to cut down the noise, I put in an iptables rule to block it.

Code:
# iptables -s iptables -A INPUT  -s 94.31.197.10 -j DROP
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
DROP       all  --  10.197-31-94.telenet.ru  anywhere
Yet auth.log still shows connection attempts. How is this getting through iptables? Is it perhaps the ACCEPT rule? If so, how do I put a narrow DROP rule ahead of a broad ACCEPT rule?

Thanks for any help.

Last edited by padeen; 04-17-2013 at 11:34 PM. Reason: more meaningful Title
 
Old 04-18-2013, 12:46 AM   #2
dcookut
LQ Newbie
 
Registered: Oct 2010
Posts: 3

Rep: Reputation: 1
iptables

The DROP is after the
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
so the accept rule applies first and the Drop never gets applied
yes You really need to insert the before the accept and you need to edit the iptables file so that it is permenant

for example I think this is closer to what you want

[CODE]# iptables -s iptables -I INPUT 1 -s 94.31.197.10 -j DROP


Quote:
Originally Posted by padeen View Post
Logcheck keeps warning me about ssh unauthorised connection attempts from a particular IP address, so, to cut down the noise, I put in an iptables rule to block it.

Code:
# iptables -s iptables -A INPUT  -s 94.31.197.10 -j DROP
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
DROP       all  --  10.197-31-94.telenet.ru  anywhere
Yet auth.log still shows connection attempts. How is this getting through iptables? Is it perhaps the ACCEPT rule? If so, how do I put a narrow DROP rule ahead of a broad ACCEPT rule?

Thanks for any help.
 
1 members found this post helpful.
  


Reply

Tags
iptables, ssh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Iptables is blocking MS-SQL DB sandeepc04 Linux - Newbie 3 07-10-2012 12:38 PM
blocking an IP using iptables picox Linux - Security 7 12-10-2010 03:00 PM
Iptables blocking , well...everything crispyleif Linux - Networking 2 12-12-2008 04:22 AM
Blocking almost everything with iptables GeneralDark Linux - Security 18 12-04-2007 05:36 PM
Blocking an IP with iptables asif2k Linux - Security 4 04-19-2006 12:22 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 10:04 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration