Knowledgebase
APF Firewall Question:
| Posted by Darren E, 03-11-2008, 08:58 AM | | I have this IP range blocked in /etc/apf/deny_hosts.rules
203.0.0.0/8
So how come brute force detected IP:
203.196.146.74 and added it to my APF list?
Thanks in advance.
|
| Posted by zacharooni, 03-11-2008, 09:03 AM | | Paste output of:
grep 203. /etc/apf/*.*
|
| Posted by LoganNZ, 03-11-2008, 09:03 AM | | Silly question but did you restart apf?
Also i don't think the syntax is right, ive always added thru my apf-web-api 127.*.*.* for e.g
|
| Posted by Darren E, 03-11-2008, 09:13 AM | | Logan, you know what - sometimes it's the most simple tasks we overlook...
NO, I did not perform a -r after inputting the changes. That just might be it.
/etc/apf/deny_hosts.rules:203.0.0.0/8
/etc/apf/deny_hosts.rules:# added 203.196.146.74 on 03/11/08 04:10:02 with comment: {bfd.sshd}
/etc/apf/deny_hosts.rules:203.196.146.74
/etc/apf/ds_hosts.rules:203.94.243.191/24
/etc/apf/sdrop_hosts.rules:203.19.101.0/24
/etc/apf/sdrop_hosts.rules:203.31.88.0/23
/etc/apf/sdrop_hosts.rules:203.33.120.0/24
/etc/apf/sdrop_hosts.rules:203.34.205.0/24
/etc/apf/sdrop_hosts.rules:203.34.71.0/24
/etc/apf/sdrop_hosts.rules:203.82.16.0/21
|
| Posted by LoganNZ, 03-11-2008, 09:41 AM | | yeah looks like it
|
| Posted by david510, 03-12-2008, 12:54 AM | | Syntax is fine. Just for the info.
|
| Posted by Darren E, 03-13-2008, 10:33 AM | | Also, by changing my SSH port from 22 to something OTHER than 22, it has eliminated a HUGE portion of brute force attacks from my server.
I love this forum - so much great information!
|
|
 Add to Favourites
 Print this Article
|
Also Read
