SSH allow then drop in CSF
Posted: 28 Sep 2016, 08:43
I'm currently running csf on CentOS and it's running well. The challenge is those damn brute forcers trying to get in on SSH.
They are basically running 3 attempts per IP then rotating. So csf sees the attempt then blocks it, however by the time it blocks, they've already rotated to another IP.
In normal iptables I can simply do the following:
iptables -I INPUT 1 -p tcp -s exampleIP#1 --dport 22 -j ACCEPT
iptables -I INPUT 1 -p tcp -s exampleIP#2 --dport 22 -j ACCEPT
iptables -I INPUT 1 -p tcp -s exampleIP#3 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
Then save and done.
So SSH from my 3 IPs (exampleIP#1,2,3 (instead of actual IPs)) is allowed and then all others are dropped.
When I add the commands above while running csf, they go into the table just fine, but then the next day they are flushed out.
How do I permanently add them in so they don't keep getting flushed out?
Thank you
james
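
One way to make the same allow-then-drop policy survive CSF restarts, as an added example that is not part of the original post: CSF rebuilds its iptables rules whenever it restarts, so the trusted sources go into /etc/csf/csf.allow as advanced filter lines and port 22 comes out of TCP_IN in /etc/csf/csf.conf. The helper names and the sample addresses (RFC 5737 documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: build CSF allowlist entries for SSH from a fixed set of sources.
# All addresses below are constructed samples, not real hosts.

# Succeed only for a well-formed dotted-quad IPv4 address.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split into octets (input holds only digits and dots)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one csf.allow advanced-filter line per source: proto|direction|d=port|s=ip.
# The whole list is rejected if any address is malformed, so a typo is caught
# before the file is touched.
csf_allow_lines() {
    port=$1; shift
    for ip in "$@"; do
        is_ipv4 "$ip" || { printf 'invalid address: %s\n' "$ip" >&2; return 1; }
    done
    for ip in "$@"; do
        printf 'tcp|in|d=%s|s=%s\n' "$port" "$ip"
    done
}

# Remove one port from a TCP_IN value ($1 = port, $2 = comma-separated list).
# Matching is on whole entries, so closing 22 leaves 2222 or a range alone.
tcp_in_without() {
    printf '%s\n' "$2" | tr ',' '\n' | grep -vx -- "$1" | paste -sd, -
}

# Lines for /etc/csf/csf.allow (constructed sample sources).
csf_allow_lines 22 192.0.2.10 198.51.100.20 203.0.113.30
# New value for TCP_IN in /etc/csf/csf.conf (constructed sample port list).
tcp_in_without 22 "20,21,22,25,53,80,443"
```

Append the first output to /etc/csf/csf.allow, put the second into TCP_IN, and reload with `csf -r` while keeping an existing SSH session open to confirm access still works.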