We certainly would need a shorewall dump to figure this out. Prasanna.
On Fri, Nov 7, 2008 at 12:33 PM, <[EMAIL PROTECTED]> wrote: > I've blocked an IP-range in my blacklist-file. The row in the file looks > like this: > 88.191.0.0/16 > > This should block any and all traffic from addresses in the range > 88.191.0.0-88.191.255.255 but they still get through to perform brute > force attacks on my SSH server. > > Here's an example from my auth.log for yesterday: > Nov 4 20:14:39 dolly sshd[3532]: Invalid user ttf from 88.191.99.69 > Nov 4 20:14:41 dolly sshd[3532]: Failed password for invalid user ttf > from 88.191.99.69 port 37898 ssh2 > > Why is this, and how can I fix it? > > Best Wishes > > Linda > > > shorewall version: 4.2.1 > > ip addr show: > 1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > inet6 ::1/128 scope host > valid_lft forever preferred_lft forever > 2: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000 > link/ether 00:08:a1:3c:12:f3 brd ff:ff:ff:ff:ff:ff > inet 192.168.0.102/24 brd 192.168.0.255 scope global eth1 > inet6 fe80::208:a1ff:fe3c:12f3/64 scope link > valid_lft forever preferred_lft forever > 3: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast > qlen 1000 > link/ether 00:0e:a6:b0:fc:42 brd ff:ff:ff:ff:ff:ff > 4: sit0: <NOARP> mtu 1480 qdisc noop > link/sit 0.0.0.0 brd 0.0.0.0 > > ip route show: > 192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.102 > default via 192.168.0.1 dev eth1 > > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > -- Want to manage multiple office networks? Want to securely connect all your locations? Want to do it in a budget? www.elinanetworks.com ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
