FTP login failure - block source ip to destination port (21)

pgroenewald
Junior Member
Posts: 1
Joined: 01 Oct 2009, 13:14

Post by pgroenewald »

Hi,

On FTP login failures (or any of the services, really), is it possible to block the IP connecting to the FTP port, instead of blocking the IP address from accessing anything on the server, after x (as configured) unsuccessful login attempts?

Something along the lines of:

iptables -I INPUT -m tcp -p tcp --dport 21 -s 111.222.333.444 -j DROP

instead of

iptables -I INPUT -s 111.222.333.444 -j DROP

[edit]
The reason being, legit customers are being locked out completely, no web, no mail, no nothing and it leaves them highly annoyed because to them it was an honest mistake. By only blocking the IP from connecting to the port, it still allows them to get mail, browse their site etc.

Many thanks in advance,

chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Post by chirpy »

Yes. If you look in the csf configuration file /etc/csf/csf.conf, you can enable per-service blocking using the LF_SELECT option.
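As an added illustration (not code from this thread or from csf, whose own mechanism is the LF_SELECT option above), a dry-run shell script that counts FAIL LOGIN lines per client IP in constructed vsftpd-style log lines and prints the port-21-only rule from the question for each IP at or over a threshold, beside the blanket rule it replaces; the log lines, IPs and threshold are all made up, and the rules are printed, not applied:

```shell
#!/bin/sh
# Constructed sample log lines in a vsftpd-like format (not from any real server).
SAMPLE_LOG='Thu Oct  1 13:10:01 2009 [pid 1234] [bob] FAIL LOGIN: Client "203.0.113.10"
Thu Oct  1 13:10:05 2009 [pid 1235] [bob] FAIL LOGIN: Client "203.0.113.10"
Thu Oct  1 13:10:09 2009 [pid 1236] [bob] FAIL LOGIN: Client "203.0.113.10"
Thu Oct  1 13:10:12 2009 [pid 1237] [bob] OK LOGIN: Client "203.0.113.10"
Thu Oct  1 13:11:00 2009 [pid 1240] [alice] FAIL LOGIN: Client "198.51.100.7"
Thu Oct  1 13:12:00 2009 [pid 1241] [root] FAIL LOGIN: Client "192.0.2.99"
Thu Oct  1 13:12:01 2009 [pid 1242] [admin] FAIL LOGIN: Client "192.0.2.99"
Thu Oct  1 13:12:02 2009 [pid 1243] [test] FAIL LOGIN: Client "192.0.2.99"
Thu Oct  1 13:12:03 2009 [pid 1244] [ftp] FAIL LOGIN: Client "192.0.2.99"
Thu Oct  1 13:12:04 2009 [pid 1245] [guest] FAIL LOGIN: Client "192.0.2.99"'

# offenders THRESHOLD: read log lines on stdin and print "ip count" for every
# client IP with at least THRESHOLD failed logins (successful logins are ignored).
offenders() {
    awk -v t="$1" '
        /FAIL LOGIN: Client "/ {
            split($0, a, "\"")      # the client IP sits between the first pair of quotes
            n[a[2]]++
        }
        END { for (ip in n) if (n[ip] >= t) print ip, n[ip] }
    ' | sort
}

# port_block_rule IP: the per-service rule from the question, as a string.
# Only TCP to port 21 is dropped; mail, web and everything else still get through.
port_block_rule() {
    printf 'iptables -I INPUT -p tcp --dport 21 -s %s -j DROP\n' "$1"
}

# full_block_rule IP: the blanket rule that locks a customer out of every service.
full_block_rule() {
    printf 'iptables -I INPUT -s %s -j DROP\n' "$1"
}

# Dry run: show the per-service rule for each offender instead of applying it.
main() {
    printf '%s\n' "$SAMPLE_LOG" | offenders 5 | while read -r ip count; do
        echo "# $ip: $count failed FTP logins -> port-only block, not: $(full_block_rule "$ip")"
        port_block_rule "$ip"
    done
}
main
```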