I did a little experiment and it worked:

    /* needs #include <fnmatch.h>; placed after getaddrstring() has filled remote_host */
    if (fnmatch("192.168.1.*", remote_host, FNM_PATHNAME) != 0)
        goto out;

This will allow only connections from 192.168.1.* to the server, which shows that the change can be very simple. I did not try more complicated situations. The limits of this approach need to be evaluated.

________________________________________
From: Dropbear <dropbear-boun...@ucc.asn.au> on behalf of Sebastian Gottschall <s.gottsch...@dd-wrt.com>
Sent: Sunday, 23 May 2021 02:34
To: Hans Harder
Cc: dropbear@ucc.asn.au
Subject: Re: restrict access

I know. But consider that this was not my request. I was just answering a question and giving a suggestion, so I have no intention of implementing this on my side.

On 21.05.2021 at 16:56, Hans Harder wrote:
> You can add some small code in svr_main.c for allowing/denying remote
> servers based on their IP address
>
>     getaddrstring(&remoteaddr, &remote_host, NULL, 0);
>     /* HH hostallow start */
>     /* Check if remote host is allowed */
>     if (hostallow_check(remote_host) == 0) {
>         fprintf(stderr, "Not allowed, closing connection\n");
>         goto out;
>     }
>     /* HH hostallow end */
>     /* Limit the number of unauthenticated connections per IP */
>     num_unauthed_for_addr = 0;
>     num_unauthed_total = 0;
>     for (j = 0; j < MAX_UNAUTH_CLIENTS; j++) {
>
> Just add something like this in svr_main.c in the main_noinetd function.
> I check in the hostallow_check function if there is a certain file
> like host_<remote_host>.allow in a certain directory;
> if not, it will close the connection.
>
> Hans
>
>
> On Thu, May 20, 2021 at 5:05 PM Sebastian Gottschall
> <s.gottsch...@dd-wrt.com> wrote:
>> What about a feature like blocking a client for N minutes after more than N
>> failed logins? It's relatively easy to implement and slows down
>> brute force attacks.
>>
>> On 20.05.2021 at 16:44, Matt Johnston wrote:
>>> On Thu, May 20, 2021 at 02:29:20PM +0000, Walter Harms wrote:
>>>> Thx for the fast response,
>>>> for the background: little system, far-far-away land, but some
>>>> script-kiddie is filling the log ...
>>>> so no iptables or other fancy stuff. Seems I have to change that, somehow.
>>>>
>>>> @matt:
>>>> in case I get something working ...
>>>> I am thinking about fnmatch and inet_ntoa; would that be acceptable?
>>> I'm not really sure it's the job of Dropbear to be doing
>>> that filtering. Though I wonder if it might make sense to
>>> optionally not bother logging failed SSH auth attempts,
>>> given how many there are...
>>>
>>> Cheers,
>>> Matt
>>>
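The fnmatch() one-liner above matches a text pattern, not a network. Two limits a practitioner would hit quickly: a prefix that is not octet-aligned (say 10.0.0.0/9) cannot be written as a wildcard, and an IPv4 client accepted on a dual-stack IPv6 listener is typically reported by getnameinfo() as "::ffff:192.168.1.42", which the pattern "192.168.1.*" rejects. The block below is an added example, not code from this thread or from Dropbear: a default-deny CIDR allowlist that parses both address families, folds IPv4-mapped IPv6 addresses to IPv4, and denies anything that does not parse. The rule set in demo_specs and the names parse_cidr, host_allowed, demo_allowed and fnmatch_allowed are assumptions made for this example; fnmatch_allowed reproduces the thread's check only so the two can be compared on the same inputs. Wiring it into svr_main.c after getaddrstring(), as the thread describes, is not shown here.

```c
#include <arpa/inet.h>
#include <fnmatch.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>

/* One allowlist entry: family, address bytes (IPv4 uses the first 4), prefix length. */
struct cidr_rule {
    int family;
    unsigned char addr[16];
    unsigned prefix;
};

/* Parse the text address from getnameinfo()/getaddrstring(). IPv4-mapped IPv6
 * ("::ffff:192.168.1.5"), which a dual-stack IPv6 listener reports for IPv4
 * clients, is folded to plain IPv4 so one IPv4 rule covers both spellings. */
static int parse_host(const char *host, int *family, unsigned char addr[16])
{
    struct in_addr a4;
    struct in6_addr a6;
    if (inet_pton(AF_INET, host, &a4) == 1) {
        *family = AF_INET;
        memcpy(addr, &a4, 4);
        return 1;
    }
    if (inet_pton(AF_INET6, host, &a6) != 1)
        return 0;                      /* malformed: caller must deny */
    if (IN6_IS_ADDR_V4MAPPED(&a6)) {
        *family = AF_INET;
        memcpy(addr, &a6.s6_addr[12], 4);
    } else {
        *family = AF_INET6;
        memcpy(addr, &a6, 16);
    }
    return 1;
}

/* Parse "addr/len" into a rule; no "/len" means a single-host rule.
 * Returns 1 on success, 0 on a malformed address or out-of-range length. */
int parse_cidr(const char *spec, struct cidr_rule *rule)
{
    char buf[INET6_ADDRSTRLEN + 8], *slash, *end;
    unsigned maxlen;
    long len;
    if (strlen(spec) >= sizeof buf)
        return 0;
    strcpy(buf, spec);
    slash = strchr(buf, '/');
    if (slash)
        *slash = '\0';
    if (!parse_host(buf, &rule->family, rule->addr))
        return 0;
    maxlen = rule->family == AF_INET ? 32 : 128;
    if (!slash) {
        rule->prefix = maxlen;
        return 1;
    }
    len = strtol(slash + 1, &end, 10);
    if (slash[1] == '\0' || *end != '\0' || len < 0 || (unsigned)len > maxlen)
        return 0;
    rule->prefix = (unsigned)len;
    return 1;
}

/* True if the leading `prefix` bits of a and b are equal. */
static int prefix_match(const unsigned char *a, const unsigned char *b, unsigned prefix)
{
    unsigned full = prefix / 8, rem = prefix % 8;
    unsigned char mask = (unsigned char)(0xffu << (8 - rem));
    if (memcmp(a, b, full) != 0)
        return 0;
    return rem == 0 || (a[full] & mask) == (b[full] & mask);
}

/* Default deny: allowed only if the address parses and some rule matches. */
int host_allowed(const char *remote_host, const struct cidr_rule *rules, size_t nrules)
{
    int family;
    unsigned char addr[16];
    size_t i;
    if (!parse_host(remote_host, &family, addr))
        return 0;
    for (i = 0; i < nrules; i++)
        if (rules[i].family == family && prefix_match(addr, rules[i].addr, rules[i].prefix))
            return 1;
    return 0;
}

/* The fnmatch() check from the thread, kept only for comparison. */
int fnmatch_allowed(const char *remote_host)
{
    return fnmatch("192.168.1.*", remote_host, FNM_PATHNAME) == 0;
}

/* Constructed demo rule set (an assumption for this example, not Dropbear's). */
static const char *const demo_specs[] = { "192.168.1.0/24", "10.0.0.0/9", "2001:db8::/32" };

/* Evaluate a peer against the demo rules: 1 allow, 0 deny, -1 if a rule is bad. */
int demo_allowed(const char *peer)
{
    struct cidr_rule rules[3];
    size_t i;
    for (i = 0; i < 3; i++)
        if (!parse_cidr(demo_specs[i], &rules[i]))
            return -1;
    return host_allowed(peer, rules, 3);
}
```

Compile with any C99 compiler and call demo_allowed() on the strings getaddrstring() would hand you: "192.168.1.42" and "::ffff:192.168.1.42" both pass the CIDR check, while fnmatch_allowed() accepts only the first; "10.127.255.254" passes the /9 rule and "10.128.0.1" does not. Anything that fails inet_pton(), including an empty string, is denied rather than matched.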