[ILUG] Maintaining an IP whitelist with dynamic addresses
Niall O Broin
niall at linux.ie
Wed Jun 8 09:01:59 IST 2005
On 8 Jun 2005, at 08:51, bryan ( admin at revoltingdigits.com) wrote:
> what would be really cool would be if it was possible to configure ssh
> act like portsentry.
> ie multiple failed logon attempts result in an automated temporary
> block of
> that IP address.
> does anyone know if something like this is possible ?
Something LIKE it is possible, but not with ssh. You can use iptable's
repeat module to block addresses which make repeated connections within
a short period of time, which has the same effect. Unfortunately, that
iptables module isn't available with a Red Hat supported kernel for
RHES3, which is what the server I'm concerned with runs.
Lacking any readymade solution, I threw together a little bit of Perl
to do what I wanted.
More information about the ILUG