[WBEL-users] iptables auto add baddies script?

Jon Lewis jlewis@lewis.org
Wed, 29 Dec 2004 17:39:45 -0500 (EST)


On Wed, 29 Dec 2004, Benjamin J. Weiss wrote:

> >You people are doing this the wrong way around.  Don't block the hosts you
> >think are "bad".  Block everyone.  Then allow just the IP ranges you
> >actually need to have access.
> >
> Then how would I get to my machine when I'm away on business, or called
> up for duty with the National Guard?

Same way I do when I travel.  Set up an SSL web server, self-signed key,
and password-protected CGI that adds IPs to your permitted list of IPs.

> Although, now that I'm getting regular attacks against my ssh server,
> that port knocking thing is sure sounding a lot better...
>
> http://www.linuxjournal.com/article/6811

Similar idea, different implementation.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
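
The password-protected CGI described in the message above, sketched as an added example that is not part of the original post or the author's own script. Assumptions: the web server has already performed HTTP authentication over TLS and exports `REMOTE_USER`, the CGI process is permitted to run `iptables`, and `SSH_ALLOW` is a hypothetical chain that `INPUT` consults before its default drop.

```python
#!/usr/bin/env python3
"""CGI sketch: let the authenticated caller's IP reach sshd (added example)."""
import ipaddress
import os
import subprocess
import sys

CHAIN = "SSH_ALLOW"  # hypothetical chain name, jumped to from INPUT
SSH_PORT = "22"


def rule_spec(environ):
    """Return the iptables match/target arguments for the caller, or raise ValueError."""
    # Authentication is the web server's job; refuse to run if it was not done.
    if not environ.get("REMOTE_USER"):
        raise ValueError("unauthenticated request")
    # Use only the TCP peer address set by the server, never a header or form
    # field the client controls, and parse it strictly before it nears a command.
    addr = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    if addr.version != 4:
        raise ValueError("iptables handles IPv4 only")
    return ["-s", f"{addr}/32", "-p", "tcp", "--dport", SSH_PORT, "-j", "ACCEPT"]


def handle(environ, run=subprocess.run):
    """Return (status, body); insert the rule only if it is not already present."""
    try:
        spec = rule_spec(environ)
    except ValueError as exc:
        return "403 Forbidden", f"denied: {exc}\n"
    # argv lists, no shell: nothing from the request is interpreted by sh.
    if run(["iptables", "-C", CHAIN] + spec).returncode != 0:
        if run(["iptables", "-I", CHAIN] + spec).returncode != 0:
            return "500 Internal Server Error", "could not add rule\n"
    return "200 OK", f"{spec[1]} may now reach port {SSH_PORT}\n"


if __name__ == "__main__":
    status, body = handle(os.environ)
    sys.stdout.write(f"Status: {status}\r\nContent-Type: text/plain\r\n\r\n{body}")
```

Rules added this way accumulate, so flush the chain periodically or on return from travel.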