Filtering IP addresses by domain name

Mailing List

Home

Forum Home

Linux - General Red Hat Linux discussion list

Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)

Installation - Getting started with Red Hat Linux

Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)

Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)

Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)

Apache Web Server

Oracle database, Microsoft SQL server ...

Subjects

•	application/x mplayer2 plugin
•	RPM error: db4 error(16) from dbenv >remove: Device or resource busy
•	Command stream end of file while reading
•	X Windows problem (xauth)
•	Upgrading openoffice 1 1 rpm
•	FTP: connection refused
•	FTP: connection refused
•	mount: /dev/cdrom: is not a valid block device
•	Dell Precision 650, RedHat 9, no sound
•	how to trace the cause resulting in the crash of bind server
•	Virus on the list
•	UNINSTALL RPM MYSQL
•	usb pen drives: mounting as a user
•	broadcom network interface
•	make mrproper
•	sendmail configuration on redhat
•	Couldn 't open PID file /var/run/named/named pid Permission denied
•	Promise 378 controller
•	kernel 2 6 and /dev/sound/mixer not found
•	Problem using up2date
•	mrtg step by step howto/configuration for a newbie?
•	Compiling and Installing Kernel 2 6
•	Can 't locate module ppp0, can 't locate module ppp compress 21
•	HOW I CAN MAKE BOOTABLE FLOPPY DISKET
•	Lotus Notes under Wine
•	/etc/security/limits conf question
•	Intel E/1000 driver
•	Command stream end of file while reading
•	rpm database corrupt
•	qla2300 modules

Filtering IP addresses by domain name

Filtering IP addresses by domain name

2005-06-06 - By Ed Wilts

Back

Reply: 1 2 3 4 5

On Mon, Jun 06, 2005 at 09:51:25AM -0400, Ryan Golhar wrote:
> My machines keep getting attacked through ssh nightly. I want to
> prevent users from connecting to SSH unless they are coming in through a
> specific ISP. Is there a way I can filter a range of IPs based on
> provider in iptables?

The easiest way to do this is through tcpwrappers, not iptables. For
example, see the following to allow only a specific set of addresses.
In my case, I allow connections only from my home submit and my work
domain. Everybody else gets rejected. I've done some minor editing
since this is an older version of the file but it should still be mostly
valid. In particular, pay attention to the hosts.deny which by default
denies everything from everybody. If you put this in place, be aware!
You can change the entry in hosts.deny to just sshd though.
Also note that tcpwrappers doesn't work for everything - just
tcpwrappers-enabled services. For example, it won't do anything for
httpd.

#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#

sshd: LOCAL, .ewilts.home, 192.168.0.0/255.255.255.0, .merrillcorp.com
ALL: LOCAL, .ewilts.home, 192.168.0.0/255.255.255.0, 127.0.0.1, .merrillcorp
.com, 150.228.40.0/255.255.255.0
sendmail: ALL

#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!

ALL: ALL: spawn echo tcpwrap has detected an unauthorised connection attempt\
from %h %a to %d at `date`|tee -a /var/log/secure|mail -s 'Unauthorized \
Connection attempt' root

--
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts@(protected)
Member #1, Red Hat Community Ambassador Program

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@(protected)?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Earn $52 per hosting referral at Lunarpages.