[colug-432] IPtables

Steve VanSlyck s.vanslyck at postpro.net
Wed May 13 10:17:16 EDT 2015


# Generated by iptables-save v1.4.7 on Wed May 13 09:34:19 2015
*filter
:INPUT DROP [4:225]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1073:2215006]
:fail2ban-SSH - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8000 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 8000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4505 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4506 -j ACCEPT
-A INPUT -s 5.0.0.0/8 -j DROP
-A INPUT -s 23.0.0.0/8 -j DROP
-A INPUT -s 43.0.0.0/8 -j DROP
-A INPUT -s 58.0.0.0/8 -j DROP
-A INPUT -s 59.0.0.0/8 -j DROP
-A INPUT -s 60.0.0.0/8 -j DROP
-A INPUT -s 61.0.0.0/8 -j DROP
-A INPUT -s 70.0.0.0/8 -j DROP
-A INPUT -s 77.0.0.0/8 -j DROP
-A INPUT -s 83.0.0.0/8 -j DROP
-A INPUT -s 91.0.0.0/8 -j DROP
-A INPUT -s 113.0.0.0/8 -j DROP
-A INPUT -s 117.0.0.0/8 -j DROP
-A INPUT -s 119.0.0.0/8 -j DROP
-A INPUT -s 146.0.0.0/8 -j DROP
-A INPUT -s 147.0.0.0/8 -j DROP
-A INPUT -s 157.0.0.0/8 -j DROP
-A INPUT -s 173.0.0.0/8 -j DROP
-A INPUT -s 182.0.0.0/8 -j DROP
-A INPUT -s 183.0.0.0/8 -j DROP
-A INPUT -s 190.0.0.0/8 -j DROP
-A INPUT -s 192.64.0.0/16 -j DROP
-A INPUT -s 201.0.0.0/8 -j DROP
-A INPUT -s 203.0.0.0/8 -j DROP
-A INPUT -s 213.0.0.0/8 -j DROP
-A INPUT -s 218.0.0.0/8 -j DROP
-A INPUT -s 222.0.0.0/8 -j DROP
-A INPUT -s 229.0.0.0/8 -j DROP
-A fail2ban-SSH -s 213.30.22.232/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -s 61.183.22.139/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -j RETURN
COMMIT
# Completed on Wed May 13 09:34:19 2015



On Wed, May 13, 2015, at 10:10, Tim Randles wrote:
> Do you have an iptables rule ahead of that drop rule allowing SSH
> inbound?
>
> On Wed, May 13, 2015 at 7:28 AM, Steve VanSlyck
> <s.vanslyck at postpro.net> wrote:
>> Hi.
>>
>> I have this rule set in IPTABLES:
>>
>> Chain INPUT (policy DROP 1 packets, 44 bytes)
>>  pkts bytes target  prot opt in  out  source        destination
>>     4   212 DROP    all  --  *   *    213.0.0.0/8   0.0.0.0/0
>>
>> However I still see attacks from 213.30.22.232 with username attempts
>> in the log. It seems iptables is not dropping the connection if it
>> gets to the point where submitting a user login name is allowed.
>>
>> Comments?
>
> _________________________________________________
> colug-432 mailing list colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432
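
Added example (not part of the thread, and not code from either poster): a first-match walk over an excerpt of the ruleset posted above, showing where the ACCEPT for tcp/22 sits relative to the 213.0.0.0/8 DROP, which is the ordering Tim's question is about. It models only the -s, -p, --dport and --state matches (no negation, no --tcp-flags); the function names are hypothetical.

```python
import ipaddress
import shlex

# Excerpt of the iptables-save output posted above, order preserved.
RULES = """\
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 213.0.0.0/8 -j DROP
-A fail2ban-SSH -s 213.30.22.232/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-SSH -j RETURN
"""
POLICY = {"INPUT": "DROP"}  # from ":INPUT DROP" in the dump

def parse(text):
    """Group rules by chain; each rule becomes (raw line, {option: value})."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        chains.setdefault(opt["-A"], []).append((line, opt))
    return chains

def matches(opt, pkt):
    """Only -s, -p, --dport and --state are modelled (assumption of this sketch)."""
    src = ipaddress.ip_address(pkt["src"])
    return (src in ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"))
            and opt.get("-p", pkt["proto"]) == pkt["proto"]
            and int(opt.get("--dport", pkt["dport"])) == pkt["dport"]
            and pkt["state"] in opt.get("--state", pkt["state"]).split(","))

def verdict(chains, pkt, chain="INPUT"):
    """First terminating rule wins; returns (target, rule text)."""
    for line, opt in chains.get(chain, []):
        if not matches(opt, pkt):
            continue
        if opt["-j"] == "RETURN":
            return None
        if opt["-j"] in chains:  # jump to a user chain, resume here if it returns
            hit = verdict(chains, pkt, opt["-j"])
            if hit:
                return hit
            continue
        return opt["-j"], line
    return (POLICY[chain], "policy") if chain in POLICY else None

def check(src, dport):
    pkt = {"src": src, "proto": "tcp", "dport": dport, "state": "NEW"}
    return verdict(parse(RULES), pkt)
```

With the constructed address 213.1.2.3, check("213.1.2.3", 22) returns the port-22 ACCEPT rule, while check("213.1.2.3", 25) falls through to the /8 DROP; 213.30.22.232 on port 22 is stopped only by the fail2ban-SSH REJECT.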
