Im trying to make a proper hosts.allow with the lists of sshbl.org to block the ssh brute force attackers.
The list is a text file with an IP on every line.
What I've gotten up sofar is to prefix "sshd : " on every line, but I need a " : deny" suffix behind every line as well.
How can I do this? I've made the part that is unknown to me underlined.
Code sofar:
However, you can get quite a bit of better security by blocking these IPs with a firewall (pf or iptables) and/or moving the SSH port away from the default 22.
Yeah I know, I always ran ssh @ 22222, but from some locations the tcp 22222 outbound was blocked, while 22 wasn't.
Im still working to migrate from the IPFW to PF as firewall, since PF can use these kind of files as input for firewall rules.
I also run sshguard-ipfw which puts an attacker in the IPFW firewall when guessing usernames.
So this hosts.allow is just an extra
Thx for the advice/thinking with me though!
We're not closing down threads unless they've been silent for a certain amount of time, or the contents violate our rules. You might have you answer, but someone else might add something, that another might find useful.