So I applied that rule within iptables and I am still receiving these unwanted attempts.
###########################################################################
Dec 26 20:05:35 localhost sshd[26372]: Failed password for invalid user guest from ::ffff:211.189.116.220 port 56783 ssh2
Dec 26 20:05:39 localhost sshd[26375]: Invalid user admin from ::ffff:211.189.116.220
Dec 26 20:05:42 localhost sshd[26375]: Failed password for invalid user admin from ::ffff:211.189.116.220 port 57004 ssh2
Dec 26 20:05:45 localhost sshd[26378]: Invalid user admin from ::ffff:211.189.116.220
Dec 26 20:05:47 localhost sshd[26378]: Failed password for invalid user admin from ::ffff:211.189.116.220 port 57170 ssh2
Dec 26 20:05:50 localhost sshd[26381]: Invalid user user from ::ffff:211.189.116.220
Dec 26 20:05:52 localhost sshd[26381]: Failed password for invalid user user from ::ffff:211.189.116.220 port 57271 ssh2
Dec 26 20:05:57 localhost sshd[26384]: Failed password for root from ::ffff:211.189.116.220 port 57334 ssh2
#############################################################################
Do you need a snapshot of my table to discover the problem? Again, I only want specific IP addy's to be able to ssh to my machine.
Make FORWARD to DENY (it's not safe). Don't know what's eth0, but you accept everything coming from it (the extra limitations on port are after this, so they don't work for traffic to eth0). Then you have three identical rules (-A RH-Firewall-1-INPUT -p tcp -m tcp -s IP ADDY --dport 22 --syn -j ACCEPT).
Do one thing:
1. Drop all the packets on all the chains, i.e.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
2. Write rules for allowing ssh to your machine
iptables -t filter -A INPUT -s 0/0 -p tcp --dport 22 -d <yourip> -j ACCEPT
iptables -t filter -A OUTPUT -d 0/0 -p tcp --sport 22 -s <yourip> -j ACCEPT
This should solve your purpose
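
The ordering problem pointed out in the replies (an ACCEPT for everything on eth0 placed ahead of the port 22 restrictions), as an added example that is not from any poster in this thread: a small first-match evaluator in Python. The two rulesets, the use of the INPUT chain and the allowed address 203.0.113.10 are constructed assumptions; only 211.189.116.220 is taken from the log excerpt above.

```python
import ipaddress
import shlex

# Constructed rulesets in iptables-save "-A" syntax (not the poster's real table).
# 203.0.113.10 is a placeholder for the one address allowed to reach sshd.
SHADOWED = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -s 203.0.113.10 -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
"""
FIXED = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 203.0.113.10 -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -i eth0 -j ACCEPT
"""
FLAGS = {"-i": "iface", "-s": "src", "-p": "proto",
         "--dport": "dport", "--state": "state", "-j": "target"}

def parse(ruleset):
    """Turn each -A line into a dict of the few options this sketch understands."""
    rules = []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        rule = {key: tok[tok.index(flag) + 1] for flag, key in FLAGS.items() if flag in tok}
        rule["text"] = line
        rules.append(rule)
    return rules

def decide(ruleset, iface, src, dport, policy="DROP"):
    """Verdict for the first SYN of a new TCP connection; the first matching rule wins."""
    for r in parse(ruleset):
        if "state" in r and "NEW" not in r["state"].split(","):
            continue  # ESTABLISHED,RELATED never matches a brand-new connection
        if "iface" in r and r["iface"] != iface:
            continue
        if "src" in r and ipaddress.ip_address(src) not in ipaddress.ip_network(r["src"]):
            continue
        if "proto" in r and r["proto"] != "tcp":
            continue
        if "dport" in r and int(r["dport"]) != dport:
            continue
        return r["target"], r["text"]
    return policy, "(chain policy)"

if __name__ == "__main__":
    for name, rs in (("shadowed", SHADOWED), ("fixed", FIXED)):
        print(name, decide(rs, "eth0", "211.189.116.220", 22))
```

On a live system, `iptables -L -n -v --line-numbers` shows the same ordering along with per-rule packet counters, which reveals which rule is actually taking the SSH traffic.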