IPTables rules and hosts that use DHCP
- From: "K. Jennings" <kjennings@xxxxxxxxxxxxxx>
- Date: Thu, 27 Dec 2007 13:58:09 -0000
I have a set of IPTables rules to keep SSH attacks at bay - you
know, to prevent script kiddies from hammering my servers with oodles of
password authentication requests with all sorts of passwords and/or
usernames. Essentially, the rules blacklist hosts that attempt to connect
more than three times within a 30 second time interval. I also have an
IPTables rule that exempts some hosts from such constraints - that is,
SSH connections from such hosts are accepted at any connection rate.
The problem that I have is that one of those hosts uses DHCP, and
its IP address changes with time. I use DynDNS services so that I can use
the same name (let's call it A) for that host, with the guarantee that it
will always resolve to the right IP address. However, I notice that when
I use the name A in my IPTables rule, when checking out the rule with
iptables -L the name actually used is the one assigned to the particular
IP address in use at the time the rule was defined - which is fine until
the host I am interested in changes its IP address.
Is there a way around this? Unfortunately, reconfiguring my SSH
servers so that password authentication is not accepted is not an option.
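
An added example, not part of the original post: iptables resolves a host name once, when the rule is inserted, so one approach is to keep the exempted host in its own chain and re-resolve the name on a schedule. The chain name SSH_TRUSTED, the name a.example.invalid and the state file path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. CHAIN, TRUSTED_NAME and STATE
# are hypothetical placeholders. One-time setup as root, with the jump placed
# ahead of the rate-limiting rules:
#   iptables -N SSH_TRUSTED
#   iptables -I INPUT -p tcp --dport 22 -j SSH_TRUSTED
CHAIN="${CHAIN:-SSH_TRUSTED}"
TRUSTED_NAME="${TRUSTED_NAME:-a.example.invalid}"
STATE="${STATE:-/var/run/ssh_trusted.ip}"
IPTABLES="${IPTABLES:-iptables}"
RUN="${RUN-echo}"   # dry run by default: prints commands; RUN= applies them

# First IPv4 address for a name; prints nothing if the lookup fails.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# Succeeds only for a dotted quad with every octet in 0-255, so a bad or
# empty resolver answer never reaches the iptables command line.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

# Replace the chain's single ACCEPT rule with one for address $1.
apply_ip() {
    $RUN "$IPTABLES" -F "$CHAIN" &&
    $RUN "$IPTABLES" -A "$CHAIN" -s "$1/32" -p tcp --dport 22 -j ACCEPT
}

# $1 = freshly resolved address, $2 = state file holding the last one applied.
# Returns 2 and leaves the existing rule alone when the lookup gave nothing
# usable; does nothing when the address is unchanged.
refresh() {
    new="$1"; state="$2"
    is_ipv4 "$new" || { echo "lookup failed, rule left as is" >&2; return 2; }
    old=$(cat "$state" 2>/dev/null || true)
    [ "$new" = "$old" ] && return 0
    apply_ip "$new" && printf '%s\n' "$new" > "$state"
}

# From cron: invoke this script with the single argument "run".
if [ "${1:-}" = "run" ]; then
    refresh "$(resolve_ipv4 "$TRUSTED_NAME")" "$STATE"
fi
```

The exemption is only as trustworthy as the DNS answer, so whoever controls the dynamic DNS record controls which address bypasses the rate limit.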