From: krivetko <sap...@gm...> - 2010-11-19 16:36:30
Hi! I want to use sshguard on my Linux box (Gentoo: syslog-ng + iptables). I've installed and configured it according to the official documentation. I have a default drop policy for all default chains and a set of accepting rules. I've created an sshguard chain in iptables and added a default accept rule: iptables -A sshguard -j ACCEPT. After that I tried to log in with a random invalid login/pass for testing. There was a message in syslog-ng:

Nov 19 23:09:20 localhost sshguard[16720]: Run command "case $SSHG_ADDRKIND in 4) exec /sbin/iptables -A sshguard -s $SSHG_ADDR -j DROP ;; 6) exec /sbin/ip6tables -A sshguard -s $SSHG_ADDR -j DROP ;; *) exit -2 ;; esac": exited 0.

Of course, the blocking rule was added after the accepting rule. So, I think, maybe it would be more correct to add rules to iptables with the "-I 1" option? They would appear at the top of the chain and "good" packets would be accepted by the last rule?

--
e-mail/JID: sap...@gm...
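
Added example (not part of the original message and not sshguard's own code): a check that reads `iptables -S CHAIN` output and lists rules placed after an unconditional terminating rule, which is the chain state the message describes. The function name, the sample chain listings and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not sshguard code. Reads `iptables -S CHAIN` output on stdin
# and prints every rule that sits after an unconditional terminating rule,
# i.e. a rule that no packet traversing the chain can reach.
shadowed_rules() {
    chain=$1
    awk -v chain="$chain" '
        $1 != "-A" || $2 != chain { next }   # skip -N/-P lines and other chains
        cutoff { print; next }               # everything past the cutoff is unreachable
        # "-j" directly after the chain name means no match options: the rule
        # applies to every packet, so a terminating target ends traversal here.
        $3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT|RETURN)$/ { cutoff = 1 }
    '
}

# Constructed sample: ACCEPT appended first, block rule appended after it.
sample_appended() {
    cat <<'EOF'
-N sshguard
-A sshguard -j ACCEPT
-A sshguard -s 192.0.2.10/32 -j DROP
EOF
}

# Constructed sample: the same two rules with the block rule ahead of ACCEPT.
sample_inserted() {
    cat <<'EOF'
-N sshguard
-A sshguard -s 192.0.2.10/32 -j DROP
-A sshguard -j ACCEPT
EOF
}

echo "appended order, unreachable rules:"
sample_appended | shadowed_rules sshguard
echo "inserted order, unreachable rules:"
sample_inserted | shadowed_rules sshguard
```

On a live host the same function can be fed from `iptables -S sshguard | shadowed_rules sshguard` (run as root); any output means a block rule is being shadowed.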