I started monitoring my fail2ban log files and identified subnets that constantly try to hack my home server.
Is the following firewalld command correct to drop them?
firewall-cmd --direct --add-rule ipv4 filter INPUT 1 -m tcp --source 103.207.36.0/24 -p tcp --dport 22 -j REJECT
Or is there a better way to block access? This will become a very long list of subnets to be blocked.
Thanks, Wolfgang
Blocking SSH access to my Linux home server
-
- Posts: 1521
- Joined: 2014/05/21 20:16:00
- Location: Central New York, USA
Re: Blocking SSH access to my Linux home server
Aren't you trying to do what Fail2ban already does? You're going to see the attempts (which will make you nervous, of course) but Fail2ban should be already writing and implementing the firewall rules for you (yes/no?)
Unless I am misunderstanding ...
-
- Posts: 2019
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
Re: Blocking SSH access to my Linux home server
Another option is port knocking.
If port knocking is set, only the IP that 'knocked' the correct ports can access your SSH server.
You can use port knocking for ICMP echo reply, also.
Re: Blocking SSH access to my Linux home server
The Wiki also has an article on hardening SSH containing lots of useful information:
https://wiki.centos.org/HowTos/Network/SecuringSSH
I always try to limit the scope to only those users and IP addresses that need access, and then put rate limiting in place just for good measure.
-
- Posts: 133
- Joined: 2016/11/20 11:58:45
Re: Blocking SSH access to my Linux home server
Thanks for the hints. Good input.
Wolfgang
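Added example, not code from any poster in this thread: one way to do the log review described in the first post, counting fail2ban "Ban" actions per /24 so a subnet is only listed when several distinct hosts in it were banned. The log lines are constructed, the function names and the `never_block` parameter are this example's own, and the regex assumes the usual `fail2ban.actions ... [jail] Ban <ip>` line layout.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in fail2ban.log layout. 103.207.36.0/24 is the subnet from
# the question; the other addresses are documentation ranges.
SAMPLE_LOG = """\
2024-03-01 02:11:07,412 fail2ban.filter  [811]: INFO    [sshd] Found 103.207.36.14 - 2024-03-01 02:11:07
2024-03-01 02:11:09,120 fail2ban.actions [811]: NOTICE  [sshd] Ban 103.207.36.14
2024-03-01 03:40:51,733 fail2ban.actions [811]: NOTICE  [sshd] Ban 103.207.36.201
2024-03-01 04:02:13,008 fail2ban.actions [811]: NOTICE  [sshd] Ban 198.51.100.7
2024-03-01 04:11:09,555 fail2ban.actions [811]: NOTICE  [sshd] Unban 103.207.36.14
2024-03-02 01:15:44,901 fail2ban.actions [811]: NOTICE  [sshd] Ban 103.207.36.14
2024-03-02 06:27:30,377 fail2ban.actions [811]: NOTICE  [sshd] Ban 103.207.36.77
2024-03-02 11:45:19,212 fail2ban.actions [811]: NOTICE  [nginx-auth] Ban 203.0.113.9
"""

# Only fresh "Ban" actions match; "Unban" and "Restore Ban" lines do not.
BAN_RE = re.compile(r"fail2ban\.actions\s+\[\d+\]:\s+(?:NOTICE|WARNING)\s+"
                    r"\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)")

def ban_stats(log_text, jail="sshd", prefix=24):
    """Map each IPv4 network of the given prefix to its ban count and distinct hosts."""
    stats = defaultdict(lambda: {"bans": 0, "hosts": set()})
    for line in log_text.splitlines():
        m = BAN_RE.search(line)
        if not m or m.group("jail") != jail:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group("ip"))
        except ValueError:  # IPv6 or malformed address: skipped in this example
            continue
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        stats[net]["bans"] += 1
        stats[net]["hosts"].add(ip)
    return stats

def repeat_subnets(log_text, min_hosts=3, never_block=(), **kw):
    """Subnets with >= min_hosts distinct banned hosts, minus anything overlapping never_block."""
    keep = [ipaddress.ip_network(n) for n in never_block]
    rows = []
    for net, s in ban_stats(log_text, **kw).items():
        if len(s["hosts"]) >= min_hosts and not any(net.overlaps(k) for k in keep):
            rows.append((str(net), s["bans"], len(s["hosts"])))
    return sorted(rows)

if __name__ == "__main__":
    for cidr, bans, hosts in repeat_subnets(SAMPLE_LOG):
        print(f"{cidr}: {bans} bans from {hosts} distinct hosts")
```

Put any network you log in from yourself in `never_block`, so that a ban of one of your own addresses never puts your own range on the list.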