Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 13th May 2008, 14:06
bswinnerton bswinnerton is offline
Senior Member
 
Join Date: Jul 2007
Location: Connecticut, US
Posts: 502
Thanks: 51
Thanked 16 Times in 13 Posts
Default Using iptables to block ftp access

Is it possible to use a command similar to this:

Code:
sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
to block ftp access in the same way?

It would look something like this:

Code:
sudo iptables -A INPUT -i eth0 -p tcp --dports 20,21 -m state --state NEW -m recent --set --name FTP
sudo iptables -A INPUT -i eth0 -p tcp --dports 20,21 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name FTP -j DROP
Reply With Quote
Sponsored Links
  #2  
Old 14th May 2008, 16:29
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

Basically it *should* work.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 14th May 2008, 16:41
bswinnerton bswinnerton is offline
Senior Member
 
Join Date: Jul 2007
Location: Connecticut, US
Posts: 502
Thanks: 51
Thanked 16 Times in 13 Posts
Default

=) Thanks Falko
Reply With Quote
  #4  
Old 14th May 2008, 18:56
chipsafts chipsafts is offline
Senior Member
 
Join Date: Nov 2007
Posts: 184
Thanks: 2
Thanked 6 Times in 6 Posts
Default

or you could use /etc/hosts.deny
and get the stats from the system log file.
Reply With Quote
  #5  
Old 18th May 2008, 05:48
bswinnerton bswinnerton is offline
Senior Member
 
Join Date: Jul 2007
Location: Connecticut, US
Posts: 502
Thanks: 51
Thanked 16 Times in 13 Posts
Default

Would that automatically block them?
Reply With Quote
  #6  
Old 19th May 2008, 15:44
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
 
Default

Yes, that's right.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
IPtables rule to let PPTP access LAN brianwebb01 Installation/Configuration 0 1st May 2008 21:23
Question about Virtual Hosting With Proftpd And MySQL (Incl. Quota) On Debian Etch ikkem HOWTO-Related Questions 30 26th February 2008 19:38
Match IP with MAC using iptables for squid block cooljai Server Operation 0 30th August 2007 18:30
configuring IPTABLES firewall adityavpratap HOWTO-Related Questions 9 27th May 2006 21:42
Website users? ctroyp General 25 6th January 2006 18:02


All times are GMT +2. The time now is 18:20.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.