Re: [CentOS] filtering ssh regardless of the port

2007-09-19 Thread Bazy
David G. Miller wrote:
> David Hrbáč <[EMAIL PROTECTED]> wrote:
>
>> Bazy wrote:
>>> > And yes... I will use layer 7 filtering.
>>> > http://l7-filter.sourceforge.net/protocols
>>> >
> Patch my kernel, my iptables, and "iptables -A INPUT -m layer7
>>> --l7proto
>>> > ssh -j DROP" ;)
>>

Re: [CentOS] filtering ssh regardless of the port

2007-09-19 Thread David G. Miller
David Hrbáč <[EMAIL PROTECTED]> wrote:
Bazy wrote:
> And yes... I will use layer 7 filtering.
> http://l7-filter.sourceforge.net/protocols
>
> Patch my kernel, my iptables, and "iptables -A INPUT -m layer7 --l7proto
> ssh -j DROP" ;)
Yes, the only way.
D.

Silly question. If you'

Re: [CentOS] filtering ssh regardless of the port

2007-09-19 Thread Bazy
ArcosCom Linux User wrote:
> No, there is another way.
> Using the l7filter user-space daemon.
>
> You need to use the NFQUEUE target with IPTABLES and configure the L7 daemon to do
> the work.
>
> I don't use it, but in http://l7-filter.sourceforge.net/HOWTO-userspace
> there is more information about it

Re: [CentOS] filtering ssh regardless of the port

2007-09-19 Thread ArcosCom Linux User
No, there is another way.
Using the l7filter user-space daemon.

You need to use the NFQUEUE target with IPTABLES and configure the L7 daemon to do the work.

I don't use it, but in http://l7-filter.sourceforge.net/HOWTO-userspace there is more information about it.

Regards

El Mie, 19 de Septiembre de 200

Re: [CentOS] filtering ssh regardless of the port

2007-09-19 Thread <[EMAIL PROTECTED]>
Bazy wrote:
> And yes... I will use layer 7 filtering.
> http://l7-filter.sourceforge.net/protocols
>
> Patch my kernel, my iptables, and "iptables -A INPUT -m layer7 --l7proto
> ssh -j DROP" ;)
Yes, the only way.
D.

Re: [CentOS] filtering ssh regardless of the port

2007-09-19 Thread Bazy
> is prohibited.
>
>
>
>> -Original Message-
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of Bazy
>> Sent: Tuesday, September 18, 2007 16:23
>> To: CentOS mailing list
>> Subject: [CentOS] filtering ssh regardl

RE: [CentOS] filtering ssh regardless of the port

2007-09-18 Thread Ross S. W. Walker
Bazy wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hello gentlemen and ladies,
>
>
> I am trying to filter ssh traffic regardless of the port the
> connection
> is opened on. I want to do the same for rlogin and telnet. I know it
> would be easier to use a proxy server and onl

RE: [CentOS] filtering ssh regardless of the port

2007-09-18 Thread Jason Pyeron
ent: Tuesday, September 18, 2007 16:23
> To: CentOS mailing list
> Subject: [CentOS] filtering ssh regardless of the port
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hello gentlemen and ladies,
>
>
> I am trying to filter ssh traffic regardless of th

[CentOS] filtering ssh regardless of the port

2007-09-18 Thread Bazy
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello gentlemen and ladies,

I am trying to filter ssh traffic regardless of the port the connection is opened on. I want to do the same for rlogin and telnet. I know it would be easier to use a proxy server and only allow users to access the web... b