LINUX.IE, website of the Irish Linux Users' Group

[ILUG] Maintaining an IP whitelist with dynamic addresses


Frank Duignan frank.duignan at gmail.com
Tue Jun 7 20:11:46 IST 2005


I was looking for something similar for the same reason - I had hoped to
limit ssh access to clients from a particular country - apparently NTL screws
things up for Ireland by using UK-assigned IP addresses.  Can you limit your
whitelist to particular addresses and address ranges used by known ISPs?

On 6/7/05, Niall O Broin <niall at linux.ie> wrote:
> Having finally become pissed off with thousands of ssh brute force
> attacks a day, and being concerned that maybe one day one of them might
> strike lucky, I  set up blocking of ssh via iptables on the affected
> server, with a whitelist of allowed addresses. Some fancy solutions
> were pointed out on #linux, but the version of iptables available on
> RHES 3 didn't support some necessary feature, so I went with more or
> less my original idea, which was to have a REJECT rule in the INPUT
> chain for new ssh connections, and then add an ACCEPT rule for for each
> allowed address. The problem is that a number of the  allowed addresses
> are dynamic addresses e.g. with people who have cable modems or DSL
> with dynamic IPs.
> 
> Has anyone come across a prepackaged way of handling that?
> Conceptually, it's not that hard. You just maintain a list of the
> allowed hostnames with their current IPs and on a regular basis, look
> up the IPs again. If any have changed, you simply delete the
> corresponding rule from the accept chain, using the old IP which you
> have remembered, and insert a rule for the new IP. However, I imagine
> I'm not the first one to have come across this problem, and I hate to
> re-invent the wheel.
> 
> I did ask Uncle Google, but couldn't come up with the right question
> (or maybe, there is no answer)
> 
> 
> 
> Niall
> 
> --
> Irish Linux Users' Group
> http://www.linux.ie/mailman/listinfo/ilug/
> 
>
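
The refresh procedure outlined in the quoted message (remember each hostname's last address, look it up again, swap the rule when it changes), as an added example that is not code from the thread. The chain name `SSH_WHITELIST`, the function names, and the hostnames and addresses in the dry run are assumptions constructed for illustration.

```python
import ipaddress
import socket

CHAIN = "SSH_WHITELIST"  # assumed chain, jumped to from INPUT ahead of the REJECT rule


def resolve_ipv4(host):
    """Current IPv4 address of host, or None if the lookup fails."""
    try:
        return socket.gethostbyname(host)
    except OSError:
        return None


def valid_ipv4(text):
    """text normalised as an IPv4 address string, or None if it is not one."""
    try:
        return str(ipaddress.IPv4Address(text))
    except ValueError:
        return None


def rule(action, ip):
    """iptables argv that appends (-A) or deletes (-D) one ACCEPT rule."""
    return ["iptables", action, CHAIN, "-s", ip, "-p", "tcp", "--dport", "22", "-j", "ACCEPT"]


def plan(hosts, state, resolve=resolve_ipv4):
    """Return (commands, new_state); state maps hostname to its remembered IP."""
    commands, new_state = [], {}
    for host in hosts:
        old = state.get(host)
        cur = valid_ipv4(resolve(host)) or old  # failed or malformed lookup: keep old
        if cur is None:
            continue  # never resolved: nothing to allow yet
        new_state[host] = cur
        if cur != old:
            commands.append(rule("-A", cur))      # allow the new address first
            if old:
                commands.append(rule("-D", old))  # then drop the stale rule
    # A hostname taken off the list loses its rule.
    commands += [rule("-D", ip) for h, ip in state.items() if h not in hosts]
    return commands, new_state


if __name__ == "__main__":  # dry run on constructed data (documentation addresses)
    seen = {"alice.example.net": "198.51.100.7", "bob.example.net": None}
    old = {"alice.example.net": "192.0.2.10", "gone.example.net": "192.0.2.30"}
    print(*(" ".join(c) for c in plan(list(seen), old, seen.get)[0]), sep="\n")
```

Run from cron, the returned commands would be executed with `subprocess.run(cmd, check=True)` and `new_state` saved only once they succeed. Access then depends on whoever can change those DNS records, so the hostname list is part of the trust boundary.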


