Unable to block address from trying to access my SSH server
May 11, 2015 at 2:42 am #44283
matthew.a.squires (Member)
I am unable to block an address from trying to access my SSH server.
I have tried the full IP range: NO LUCK
I have tried the CIDR: NO LUCK.
The same addresses keep trying long after the rule is applied… I got the CIDR from the site: http://www.myipaddressdetails.com/ip/113.195.145.70.html
Please assist….
Firewall Rules:
blockedcountries Rules
Seq Input Output Description Log Active
1 * * DROP all opt — in * out * 58.0.0.0/8 -> 0.0.0.0/0 no
2 * * DROP all opt — in * out * 218.0.0.0/8 -> 0.0.0.0/0 no
3 * * DROP all opt — in * out * 115.0.0.0/8 -> 0.0.0.0/0 no
4 * * DROP all opt — in * out * 182.0.0.0/8 -> 0.0.0.0/0 no
5 * * DROP all opt — in * out * 222.0.0.0/8 -> 0.0.0.0/0 no
6 * * DROP all opt — in * out * 221.0.0.0/8 -> 0.0.0.0/0 no
7 * * DROP all opt — in * out * 60.0.0.0/8 -> 0.0.0.0/0 no
8 * * DROP all opt — in * out * 113.0.0.0/8 -> 0.0.0.0/0 no
9 * * DROP all opt — in * out * 182.0.0.0/8 -> 0.0.0.0/0 no
10 * * DROP all opt — in * out * 0.0.0.0/0 -> 0.0.0.0/0 source IP range 198.50.219.216-198.50.219.219 no
11 * * DROP all opt — in * out * 90.0.0.0/8 -> 0.0.0.0/0 no

How can I use the ACL from the site “https://www.countryipblocks.net/country_selection.php” in Zeroshell to reduce the assault on my Zeroshell router?
Here are some examples of them trying:
22:40:46 User root not allowed because account is locked
22:40:46 Failed none for invalid user root from 113.195.145.70 port 54887 ssh2
22:40:46 error: Could not get shadow information for NOUSER
22:40:46 Failed password for invalid user root from 113.195.145.70 port 54887 ssh2
22:40:46 Failed password for invalid user root from 113.195.145.70 port 54887 ssh2
22:40:46 Failed password for invalid user root from 113.195.145.70 port 54887 ssh2
22:40:47 Connection from 113.195.145.70 port 33558
22:40:49 User root not allowed because account is locked
22:40:49 Failed none for invalid user root from 113.195.145.70 port 33558 ssh2
22:40:49 error: Could not get shadow information for NOUSER
22:40:49 Failed password for invalid user root from 113.195.145.70 port 33558 ssh2
22:40:49 Failed password for invalid user root from 113.195.145.70 port 33558 ssh2
22:40:50 Failed password for invalid user root from 113.195.145.70 port 33558 ssh2
22:40:50 Connection from 113.195.145.70 port 40981
22:40:52 User root not allowed because account is locked
22:40:52 Failed none for invalid user root from 113.195.145.70 port 40981 ssh2
22:40:53 error: Could not get shadow information for NOUSER
22:40:53 Failed password for invalid user root from 113.195.145.70 port 40981 ssh2
22:40:53 Failed password for invalid user root from 113.195.145.70 port 40981 ssh2
22:40:53 Failed password for invalid user root from 113.195.145.70 port 40981 ssh2
22:40:54 Connection from 113.195.145.70 port 49260
22:40:56 User root not allowed because account is locked
22:40:56 Failed none for invalid user root from 113.195.145.70 port 49260 ssh2
22:40:56 error: Could not get shadow information for NOUSER
22:40:56 Failed password for invalid user root from 113.195.145.70 port 49260 ssh2
22:40:56 Failed password for invalid user root from 113.195.145.70 port 49260 ssh2
22:40:57 Failed password for invalid user root from 113.195.145.70 port 49260 ssh2
22:40:57 Connection from 113.195.145.70 port 56738
22:40:59 User root not allowed because account is locked
22:40:59 Failed none for invalid user root from 113.195.145.70 port 56738 ssh2

May 11, 2015 at 6:14 am #53810
redfive (Participant)
If you need SSH access from your WAN interface (otherwise, you may simply play with the SSH tab), you may take a look at your SYS_SSH chain:
root@captive ~> iptables -L SYS_SSH -v
Chain SYS_SSH (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
0 0 ACCEPT all -- any any 192.168.0.0/24 anywhere
485 38144 ACCEPT all -- ETH02 any anywhere anywhere
78 5908 ACCEPT all -- ETH01 any anywhere anywhere
0 0 DROP all -- any any anywhere anywhere

Then add a line for each CIDR you want to block, e.g. with 50.0.0.0/8:
root@captive ~> iptables -I SYS_SSH -s 50.0.0.0/8 -j DROP
Let's look now at the SSH chain:
root@captive ~> iptables -L SYS_SSH -v
Chain SYS_SSH (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any 50-0-0-0.static.sonic.net/8 anywhere
0 0 ACCEPT all -- lo any anywhere anywhere
0 0 ACCEPT all -- any any 192.168.0.0/24 anywhere
579 44556 ACCEPT all -- ETH02 any anywhere anywhere
78 5908 ACCEPT all -- ETH01 any anywhere anywhere
0 0 DROP all -- any any anywhere anywhere

Remember, -I (--insert) will always add the rule at the top of the chain, so if you add 4 rules, the 4th will be the 1st, the 3rd the 2nd and so on. You may add the rules in the post-boot script.
Regards

May 11, 2015 at 4:54 pm #53811
matthew.a.squires (Member)
I will DROP all inbound traffic on my WAN port and ALLOW the USA country ACL.
So, is there a way in Zeroshell for me to add all of a country ACL (IP addresses) with the CIDR notations?
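The approach redfive describes above (insert DROP rules into the SYS_SSH chain, optionally from the post-boot script) can be scaled to a whole country list, which is what the question above asks for. The script below is an added example written for this page; it is not code from the thread or from ZeroShell. It assumes the block list is a plain text file with one CIDR per line (my assumption about the format; the sample list and its entries are constructed here, mirroring the OP's firewall table), validates each entry so a malformed line is reported instead of being fed to iptables, and prints the `iptables -I SYS_SSH ... -j DROP` commands in reverse file order so that, because `-I` inserts at the top, the chain ends up in the same order as the file. `ip_in_cidr` lets you confirm that an address seen in the SSH log (113.195.145.70 from the OP's log excerpt) actually falls inside one of the listed blocks before you wonder why a rule is not matching.

```shell
#!/bin/sh
# Added example for this thread (not ZeroShell code): build the
# "iptables -I SYS_SSH -s <cidr> -j DROP" lines for a whole CIDR list,
# as redfive suggests doing one by one, and check addresses against it.
# SYS_SSH is the chain name shown in redfive's post; the list file format
# (one CIDR per line, '#' comments allowed) is an assumption of this example.

# Dotted quad -> 32-bit integer (no validation; callers validate first).
ip4_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# valid_cidr a.b.c.d/n : succeed only for four octets 0-255 and n 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    vc_ip=${1%/*}; vc_bits=${1#*/}
    case "$vc_bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$vc_bits" -le 32 ] || return 1
    vc_oldifs=$IFS; IFS=.; set -- $vc_ip; IFS=$vc_oldifs
    [ $# -eq 4 ] || return 1
    for vc_oct in "$@"; do
        case "$vc_oct" in ''|*[!0-9]*) return 1 ;; esac
        [ "$vc_oct" -le 255 ] || return 1
    done
    return 0
}

# ip_in_cidr IP CIDR : succeed when IP lies inside CIDR (2 if CIDR is malformed).
ip_in_cidr() {
    valid_cidr "$2" || return 2
    ic_bits=${2#*/}
    if [ "$ic_bits" -eq 0 ]; then
        ic_mask=0
    else
        ic_mask=$(( (0xFFFFFFFF << (32 - ic_bits)) & 0xFFFFFFFF ))
    fi
    ic_ip=$(ip4_to_int "$1")
    ic_net=$(ip4_to_int "${2%/*}")
    [ $(( ic_ip & ic_mask )) -eq $(( ic_net & ic_mask )) ]
}

# emit_ssh_drop_rules FILE : print one iptables command per valid CIDR in
# FILE, last entry first, so that after "-I" the chain matches file order.
# Blank lines and '#' comments are ignored; bad entries go to stderr.
emit_ssh_drop_rules() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1" \
        | sed -n '1!G;h;$p' \
        | while read -r er_cidr; do
            if valid_cidr "$er_cidr"; then
                printf 'iptables -I SYS_SSH -s %s -j DROP\n' "$er_cidr"
            else
                printf 'skipping invalid entry: %s\n' "$er_cidr" >&2
            fi
        done
}

# count_rules FILE : number of commands that would actually be applied.
count_rules() {
    emit_ssh_drop_rules "$1" 2>/dev/null | awk 'END { print NR }'
}

# Constructed sample list (entries mirror the OP's firewall table; the
# malformed line is deliberate, to show it is rejected rather than applied).
SAMPLE_LIST=${TMPDIR:-/tmp}/ssh_block_sample.$$
trap 'rm -f "$SAMPLE_LIST"' EXIT
cat > "$SAMPLE_LIST" <<'EOF'
# country blocks
58.0.0.0/8
113.0.0.0/8
300.1.1.1/8        # invalid octet, will be skipped
198.50.219.216/30  # the 198.50.219.216-198.50.219.219 range from rule 10
EOF

# Review the generated commands; on the router they can be piped into sh
# or pasted into the post-boot script.
emit_ssh_drop_rules "$SAMPLE_LIST"
# Confirm the address from the SSH log excerpt is covered by a listed block.
if ip_in_cidr 113.195.145.70 113.0.0.0/8; then
    echo "113.195.145.70 is inside 113.0.0.0/8"
fi
```

The script only prints the iptables commands, so it can be run on a workstation to review the result before anything touches the router; the reversed emission order matters because each `-I` lands at the top of SYS_SSH, exactly as redfive warns. The `ip_in_cidr` check answers the question a rule table cannot: whether the source address in the log actually falls inside the block you added, which is the first thing to verify when a rule appears not to match.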
May 11, 2015 at 5:40 pm #53812
redfive (Participant)
From the web UI, System, Setup, SSH, you can declare from which interfaces (and which IP addresses) the SSH management is allowed; once you declare a rule, an implicit ‘deny any’ is added at the end.
So, you may allow the management from the internal LANs (or IP addresses), then add rules for the WAN interface and your IP address blocks.
Regards

May 13, 2015 at 11:42 am #53813
matthew.a.squires (Member)
Thank you for your response. I was putting too much thought and effort into my network security and overthinking the process. I forgot about the acronym “KISS (Keep It Simple, Stupid)”.
I was able to build on it and added additional security to my Debian server. For example, I limited access from the WAN to a small section of a carrier subnet. Now my router is not crashing as a result of processor overload due to external assault.
Thank you very much.