Blocking SSH acces to my linux home server

Issues related to configuring your network
Post Reply
wp.rauchholz
Posts: 133
Joined: 2016/11/20 11:58:45

Blocking SSH acces to my linux home server

Post by wp.rauchholz » 2017/11/10 17:46:22

I started monitoring my fail2ban log files and identified subnets that constantly try to hack my home server.
Is th following firewalld command correct to drop them?


firewall-cmd --direct --add-rule ipv4 filter INPUT 1 -m tcp --source 103.207.36.0/24 -p tcp --dport 22 -j REJECT

Or is there a better way to block access. This will be come a very long list of subnets to be blocked

Thanks, Wolfgang

lightman47
Posts: 1521
Joined: 2014/05/21 20:16:00
Location: Central New York, USA

Re: Blocking SSH acces to my linux home server

Post by lightman47 » 2017/11/10 21:50:52

Aren't you trying to do what Fail2ban already does? You're going to see the attempts (which will make you nervous, of course) but Fail2ban should be already writing and implementing the firewall rules for you (yes/no?)

Unless I am misunderstanding ...

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: Blocking SSH acces to my linux home server

Post by hunter86_bg » 2017/11/11 21:09:28

Another option is port knocking.
If port konocking is set, only the ip that 'knocked' the correct ports can access your ssh server.
You can use port knocking for icmp echo reply , also.

NedSlider
Forum Moderator
Posts: 2897
Joined: 2005/10/28 13:11:50
Location: UK

Re: Blocking SSH acces to my linux home server

Post by NedSlider » 2017/11/12 12:13:48

The Wiki also has an article on hardening SSH containing lots of useful information:

https://wiki.centos.org/HowTos/Network/SecuringSSH

I always try to limit the scope to only those users and IP addresses that need access, and then put rate limiting in place just for good measure.

wp.rauchholz
Posts: 133
Joined: 2016/11/20 11:58:45

Re: Blocking SSH acces to my linux home server

Post by wp.rauchholz » 2017/11/12 16:57:14

Thanks for the hints. Good input.

Wolfgang

Post Reply