FTP login failure - block source ip to destination port (21)
Posted: 01 Oct 2009, 13:33
Hi,
On FTP login failures or any of the services really, is it possible to block the IP connecting to the FTP ports instead of blocking the IP address from accessing anything on the server after x (as configured) unsuccessful login attempts?
Something along the lines of:
iptables -I INPUT -m tcp -p tcp --dport 21 -s 111.222.333.444 -j DROP
instead of
iptables -I INPUT -s 111.222.333.444 -j DROP
[edit]
The reason being that legit customers are being locked out completely (no web, no mail, no nothing), and it leaves them highly annoyed because to them it was an honest mistake. By only blocking the IP from connecting to the port, they can still get mail, browse their site, etc.
Many thanks in advance,
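As an added example (not code from the original post), here is a small POSIX shell script that tallies FAIL LOGIN entries per client address from vsftpd-style log lines (constructed sample data) and emits DROP rules scoped to tcp/21 only, which is the per-port block the question asks for; the threshold of 3 failures is an assumption.

```shell
#!/bin/sh
# Added example: count FTP login failures per source address in a vsftpd-style
# log and emit iptables rules that drop only port 21 from offending addresses,
# so the same client can still reach web and mail on the server.
# The log lines below are constructed sample data; the threshold is an assumption.

SAMPLE_LOG='Thu Oct  1 13:01:02 2009 [pid 1234] [bob] FAIL LOGIN: Client "203.0.113.10"
Thu Oct  1 13:01:09 2009 [pid 1235] [bob] FAIL LOGIN: Client "203.0.113.10"
Thu Oct  1 13:01:15 2009 [pid 1236] [bob] OK LOGIN: Client "203.0.113.10"
Thu Oct  1 13:02:00 2009 [pid 1240] [admin] FAIL LOGIN: Client "198.51.100.7"
Thu Oct  1 13:02:01 2009 [pid 1241] [admin] FAIL LOGIN: Client "198.51.100.7"
Thu Oct  1 13:02:02 2009 [pid 1242] [root] FAIL LOGIN: Client "198.51.100.7"
Thu Oct  1 13:02:03 2009 [pid 1243] [test] FAIL LOGIN: Client "198.51.100.7"'

# offenders LOGTEXT THRESHOLD -> one IP per line with at least THRESHOLD failed logins.
# Successful logins ("OK LOGIN") are ignored; only FAIL LOGIN lines are counted.
offenders() {
    printf '%s\n' "$1" \
      | sed -n 's/.*FAIL LOGIN: Client "\([0-9.]*\)".*/\1/p' \
      | sort | uniq -c \
      | awk -v t="$2" '$1 >= t { print $2 }'
}

# ftp_block_rules LOGTEXT THRESHOLD -> iptables commands restricted to tcp/21,
# i.e. the per-port variant rather than a blanket "-s IP -j DROP".
ftp_block_rules() {
    offenders "$1" "$2" | while read -r ip; do
        printf 'iptables -I INPUT -p tcp -m tcp --dport 21 -s %s -j DROP\n' "$ip"
    done
}

# Print the rules for review; pipe into sh only after inspecting them.
ftp_block_rules "$SAMPLE_LOG" 3
```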