Re: iptables & tcp wrappers

From: Jan Gerrit Göbel (Jan.Goebel_at_post.rwth-aachen.de)
Date: 09/29/04

  • Next message: harry: "Re: iptables & tcp wrappers" 
    Date: Wed, 29 Sep 2004 17:36:39 +0200
To: focus-linux@securityfocus.com

    > My goal is to block all incoming ssh attempts except IP#.
    > This is where I got into hosts.allow/deny as mentioned below.

    why don´t you edit the /etc/ssh/sshd_config and add the lines "AllowUsers
    username@someIP"

    example:
    AllowUsers bla@212.132.3.147, laberl@212.132.3.*

    that way you can restrict ssh logins to certain users from certain IPs or IP
    ranges...

    regards
    jan

  • Next message: harry: "Re: iptables & tcp wrappers"

    Relevant Pages

    • RE: Increase in scans on TCP port 1 (tcpmux)?
      ... decreasing IP ranges. ... down infected boxes with decreasing IPs and initiating ... Modeled after the famous Black Hat event in ... Symantec is the Diamond sponsor. ...
      (Incidents)
    • DNAT and --to-destination question using multiple network ranges
      ... What I'm trying to do is allow multiple IPs from the Internet (lets say ... Internet IPs to two different IP ranges on different networks (say ... sections listed below work perfectly when I'm using dnat to target one ... let me know if I can dnat the inbound IPs to two differnt network ...
      (comp.security.firewalls)
    • iptables question (dnat, to-destination, and multiple network ranges)
      ... What I'm trying to do is allow multiple IPs from the Internet (lets say ... Internet IPs to two different IP ranges on different networks (say ... sections listed below work perfectly when I'm using dnat to target one ... let me know if I can dnat the inbound IPs to two differnt network ...
      (comp.os.linux.security)
    • Re: DNAT and --to-destination question using multiple network ranges
      ... >Internet IPs to two different IP ranges on different networks (say ... >a sanitized example of what I'm using (ips have been changed). ... >sections listed below work perfectly when I'm using dnat to target one ...
      (comp.security.firewalls)
    • Real world experience with Dlink Hotspot
      ... Does anybody have comments about Dlink's new IPS? ... Best Regards ... Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. ...
      (Focus-IDS)