Hi!

On 26/03/2015 18:54, Hill, John wrote:
> I set up an SSH auto blacklist as the docs explained.
>
> Using a modified stock rule in the ?new section
>
> AutoBL(SSH,-,-,-,REJECT,warn) net $FW tcp 22,2222
>
> Also in the ?new section
>
> I have a dnat rule for port 2222 to a loc:xxx.xxx.xxx.xxx:22
>
> In ?all section
>
> I have SSH(ACCEPT) all
>
> If either rule is active the blacklist does not trigger on the active one.
> Example: I # the dnat rule, reload, test, and show events will show hits.
> Activate it and nothing?
>
> I tried it unmodified with same results.
>
> My goal is to monitor these 2 ports 2222 and 22 and blacklist repetitive
> attempts.
There is quite a good script of the perl kind at http://abatis.org.uk/sshdfilter/ which I have used to really good effect. It fits in well with Shorewall and relies on sshd logging the connections.

Ang
-- 
Angela Williams angierfw at gmail dot com
Linux/Networking Hacker
Blog http://angierfw.wordpress.com
Smile! Yahshua Loves You!

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
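The log-driven approach the reply recommends (sshdfilter reads what sshd logs and blacklists sources that keep failing) is independent of which rule the packet matched in the firewall: it works as long as the sshd that terminates the connection logs to somewhere the script can read. For the setup in the question that means the firewall's own sshd for port 22 and the DNAT target host's sshd for port 2222. The following is an added example, not sshdfilter's code and not from the original thread: a small Python sliding-window counter run over constructed auth.log lines, flagging any source that reaches three authentication failures inside 60 seconds. The sample log lines, the year (syslog lines carry none), the window and the threshold are all assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # how long a failure counts against a source (assumed)
THRESHOLD = 3                    # failures within WINDOW that trigger blacklisting (assumed)
YEAR = 2015                      # syslog timestamps carry no year; assumed for the sample

# Constructed sample lines in syslog/auth.log format; not taken from the original post.
SAMPLE_LOG = """\
Mar 26 18:50:01 fw sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 26 18:50:03 fw sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 26 18:50:05 fw sshd[4123]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar 26 18:50:09 fw sshd[4125]: Invalid user oracle from 203.0.113.7 port 51250
Mar 26 18:51:00 fw sshd[4130]: Accepted publickey for angie from 198.51.100.20 port 40002 ssh2
Mar 26 18:52:10 fw sshd[4133]: Failed password for root from 198.51.100.20 port 40010 ssh2
Mar 26 19:30:00 fw sshd[4140]: Failed password for root from 192.0.2.9 port 33001 ssh2
Mar 26 19:30:01 fw sshd[4141]: Failed password for root from 192.0.2.9 port 33002 ssh2
Mar 26 19:30:02 fw sshd[4142]: Failed password for root from 192.0.2.9 port 33003 ssh2
"""

# Syslog prefix: "Mon DD HH:MM:SS host sshd[pid]: message" (day may be space-padded).
LINE_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$')

# Messages OpenSSH writes for a failed authentication or an unknown user name.
FAIL_RES = (
    re.compile(r'^Failed \S+ for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+'),
    re.compile(r'^Invalid user \S+ from (?P<ip>[\d.]+)'),
)


def parse_failure(line):
    """Return (timestamp, source_ip) for a failed-auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    for fail_re in FAIL_RES:
        f = fail_re.match(m.group('msg'))
        if f:
            ts = datetime.strptime(f"{YEAR} {m.group('ts')}", "%Y %b %d %H:%M:%S")
            return ts, f.group('ip')
    return None


def offenders(lines, window=WINDOW, threshold=THRESHOLD):
    """Sliding-window counter over log lines in time order.

    Returns {source_ip: timestamp} for every source whose number of failures
    inside `window` reached `threshold`, keyed to the moment it crossed the line.
    Successful logins and unrelated lines are ignored.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    hits = {}
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        ts, ip = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # expire failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in hits:
            hits[ip] = ts
    return hits


def blacklist_commands(hits):
    """Render one Shorewall dynamic-blacklist command per offending source."""
    return [f"shorewall blacklist {ip}" for ip in sorted(hits)]


if __name__ == "__main__":
    found = offenders(SAMPLE_LOG.splitlines())
    for ip, when in sorted(found.items()):
        print(f"{ip} reached {THRESHOLD} failures at {when:%H:%M:%S}")
    print("\n".join(blacklist_commands(found)))
```

On the sample, 203.0.113.7 (four failures in eight seconds) and 192.0.2.9 (three in two seconds) are flagged; 198.51.100.20, with one failure next to a successful publickey login, is not. The rendered `shorewall blacklist ADDRESS` lines assume a Shorewall release with dynamic blacklisting enabled (DYNAMIC_BLACKLIST=Yes in shorewall.conf); a real deployment would tail the live log and also expire entries, which this example leaves out.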