I've blocked an IP-range in my blacklist-file. The row in the file looks
like this:
88.191.0.0/16
This should block any and all traffic from addresses in the range
88.191.0.0-88.191.255.255 but they still get through to perform brute
force attacks on my SSH server.
Here's an example from my auth.log for yesterday:
Nov 4 20:14:39 dolly sshd[3532]: Invalid user ttf from 88.191.99.69
Nov 4 20:14:41 dolly sshd[3532]: Failed password for invalid user ttf
from 88.191.99.69 port 37898 ssh2
Why is this, and how can I fix it?
Best Wishes
Linda
shorewall version: 4.2.1
ip addr show:
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:08:a1:3c:12:f3 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.102/24 brd 192.168.0.255 scope global eth1
inet6 fe80::208:a1ff:fe3c:12f3/64 scope link
valid_lft forever preferred_lft forever
3: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
qlen 1000
link/ether 00:0e:a6:b0:fc:42 brd ff:ff:ff:ff:ff:ff
4: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
ip route show:
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.102
default via 192.168.0.1 dev eth1
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
