From: hvjunk <hv...@gm...> - 2020-02-13 06:57:10
On 08 Feb 2020, at 13:50, Jos Chrispijn <ssh...@cl...> wrote:
>
> On 1-11-19 3:40, gi1...@gm... wrote:
>> You could try:
>>> 1) changing the blacklist chain to 'hook prerouting' instead of 'hook
>>> input', with a higher priority than that of chain PREROUTING, i.e.
>>> block the traffic before it even reaches the NAT chain. This should
>>> make sshguard block both container- and host-destined traffic.
>>>
> Kev, could you implement/default that in the next update/grade of SSHGuard?
> Have a good weekend y’all!

Hmmm… a docker host is basically a router, not a host, i.e. it is a “non-standard” case.

I have a case where I’d not want that to happen, i.e. the bastion/router host to get protected, but the honeypots behind it to be allowed through for capturing purposes/etc.

Rather have that as a toggle for routers/hypervisors (i.e. docker/kvm/lxc hosts) than a blanket setting.
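The two chain placements discussed in this thread, as an added nftables example that is not part of the original message and not SSHGuard's shipped ruleset. The table, set and chain names and the sample address are constructed, and the prerouting priority assumes the NAT chain sits at the standard dstnat priority of -100. Load only one of the two chains.

```nftables
# Constructed example: names below are hypothetical, not SSHGuard's own.
table ip sshguard_example {

    # Set of blocked sources; 203.0.113.7 is a documentation address
    # used here as a constructed sample entry.
    set attackers {
        type ipv4_addr
        flags interval
        elements = { 203.0.113.7 }
    }

    # Variant A: host-only protection ("hook input").
    # Only packets delivered to the host itself traverse the input hook.
    # Traffic that is DNATed or routed to containers, VMs or honeypots
    # behind this machine goes through the forward hook instead and is
    # NOT matched here, so those systems still receive it.
    chain blacklist_host {
        type filter hook input priority 0; policy accept;
        ip saddr @attackers drop
    }

    # Variant B: router-wide protection ("hook prerouting").
    # Priority -110 runs before the dstnat chain at -100, so the drop
    # happens before NAT rewrites the destination. This blocks the
    # source for the host AND for everything published or routed
    # behind it.
    chain blacklist_router {
        type filter hook prerouting priority -110; policy accept;
        ip saddr @attackers drop
    }
}
```

With both chains loaded, Variant B drops the packet first and the honeypot case from the reply above no longer works, which is why the choice has to be per deployment.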