From: Mij <mi...@ss...> - 2010-11-20 13:35:21
On Nov 19, 2010, at 17:36 , krivetko wrote:

> Hi!
> I want to use sshguard in my linux box (Gentoo: syslog-ng + iptables). I've installed and configured it according to the official documentation. I have a default drop policy for all default chains and a set of accepting rules. I've created the sshguard chain in iptables and added a default accept rule: iptables -A sshguard -j ACCEPT; after that I've tried to login with random invalid login/pass for testing. There was this message in syslog-ng:
> Nov 19 23:09:20 localhost sshguard[16720]: Run command "case $SSHG_ADDRKIND in 4) exec /sbin/iptables -A sshguard -s $SSHG_ADDR -j DROP ;; 6) exec /sbin/ip6tables -A sshguard -s $SSHG_ADDR -j DROP ;; *) exit -2 ;; esac": exited 0.
> Of course, the blocking rule was added after the accepting rule. So, I think, maybe it would be more correct to add rules in iptables with the "-I 1" option? They would appear at the top of the chain and "good" packets would be accepted by the last rule?

Yes, SSHGuard injects the "block" rule; the "accept" rule to follow is up to you. Since this seems to raise some doubts, I added a sample ruleset to the docs based on a previous post. Check that out and adjust it to your context: http://www.sshguard.net/docs/setup/firewall/netfilter-iptables/
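The ordering problem in the exchange above, as an added example that is not part of the original thread or of sshguard itself: a small simulation of netfilter's first-match evaluation over constructed chains, showing that a DROP appended behind a chain-level ACCEPT never fires, while keeping the sshguard chain for blocks only and placing the ACCEPT after the jump in INPUT (the pattern the reply describes) blocks the offending address and still admits everyone else. The rule format and chain contents are constructed for the demo and are not real iptables output.

```python
import ipaddress

# Constructed rule format: (source prefix or None for "any", target).
# Targets are ACCEPT, DROP, RETURN, or the name of a user-defined chain.

def _matches(rule_src, addr):
    """A rule with no source matches everything; otherwise do a prefix match."""
    return rule_src is None or ipaddress.ip_address(addr) in ipaddress.ip_network(rule_src)

def evaluate(chains, chain, addr, policy="DROP"):
    """Walk a chain the way netfilter does: the first matching terminal target wins.
    A user-defined chain that falls off its end (or hits RETURN) hands control back
    to the caller; falling off a built-in chain applies the chain policy."""
    for src, target in chains.get(chain, []):
        if not _matches(src, addr):
            continue
        if target in ("ACCEPT", "DROP"):
            return target
        if target == "RETURN":
            return policy  # None inside a user chain, i.e. "continue in the caller"
        verdict = evaluate(chains, target, addr, policy=None)
        if verdict is not None:
            return verdict
    return policy

def block(chains, addr):
    """Mimic sshguard's default action: append '-A sshguard -s <addr> -j DROP'."""
    chains.setdefault("sshguard", []).append((addr, "DROP"))

def ruleset_accept_inside_chain():
    """The questioner's layout: 'iptables -A sshguard -j ACCEPT' inside the chain."""
    return {"INPUT": [(None, "sshguard")],
            "sshguard": [(None, "ACCEPT")]}

def ruleset_accept_after_jump():
    """Layout in the spirit of the reply: sshguard holds only blocks, the
    accept rule follows the jump in INPUT (assumed shape, not the docs' exact text)."""
    return {"INPUT": [(None, "sshguard"), (None, "ACCEPT")],
            "sshguard": []}

def verdicts_after_block(ruleset, attacker, other):
    """Block `attacker`, then report the verdict for it and for an unrelated host."""
    block(ruleset, attacker)
    return evaluate(ruleset, "INPUT", attacker), evaluate(ruleset, "INPUT", other)

if __name__ == "__main__":
    # Constructed addresses from documentation ranges.
    print(verdicts_after_block(ruleset_accept_inside_chain(), "203.0.113.5", "198.51.100.7"))
    print(verdicts_after_block(ruleset_accept_after_jump(), "203.0.113.5", "198.51.100.7"))
```

The first layout prints ('ACCEPT', 'ACCEPT'): the appended DROP is unreachable, which is exactly what the questioner observed; the second prints ('DROP', 'ACCEPT').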