[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Great IP Auto-Ban script
John Wolgamot wrote ..
> However I was told that ssh has no restriction of this type.
You are correct. It is usually handled at the network level (iptables)
or through hosts.deny at the application level (with tcpwrappers for
applications that do not honor hosts.deny, which are few).
See http://www.archlug.org/kwiki/SSHKwikis for how I do it.
I can manage hosts.deny a lot easier than remembering iptables commands.
And when an IP gets blocked for SSH violations, it shuts it down
for Apache, Webmin, POP3, etc. although using iptables _really_
shuts off the access.
Anything I've got a listener on honors hosts.deny and hosts.allow.
You put your white holes in /etc/hosts.allow.
To unsubscribe, send email to firstname.lastname@example.org with
"unsubscribe luci-discuss" in the body.