Actually, I don't mean to be argumentative... but you're wrong :-) Take a look at lines 203 and 205 of /etc/portsentry/portsentry.conf

It's a kill route for ipchains or iptables; you just choose the one you want (uncomment it) and it will add a rule for each blocked host... I have used it and it works well... portsentry has done this since ver 1 or before. (It worked on Mandrake7.2.)

rgds

Frank

-----Original Message-----
From: Michael Viron [mailto:[EMAIL PROTECTED]]
Sent: Friday, 18 January 2002 12:04 AM
To: [EMAIL PROTECTED]
Subject: RE: [expert] SSH message not to panic

>Then anyone scanning your ssh port would be blocked by ipchains/iptables,
>except you, so you can connect to your heart's content without worrying about
>getting rooted.

Actually, no. Portsentry will add the IP to hosts.deny, but will not create an ipchains / iptables rule. To do that, you'd either have to grep for the warn info in the log file, and then add the ipchains / iptables rules based on that (via a cronned script) or hack portsentry.

>
>
>incidentally, does anyone know how to create an iptables rule based on allowing
>access to a domain name? (ie not an IP address)

Should be the same as the ones for IP, except replace the IP with the name. I believe:

A) when the machine in question attempts to connect, it will translate the IP to whatever the name is and then check the rule based on that.

B) or, the name in the rule will be translated to the IP in question, and then the rule will be checked.

'Address can be either a hostname, a network name, or a plain IP address.' stated in both the ipchains and iptables man pages.

Michael

--
Michael Viron
Registered Linux User #81978
Senior Systems & Administration Consultant
Web Spinners, University of West Florida
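The cronned-script approach mentioned in the quoted message, sketched as an added example that is not part of the original e-mails or of portsentry: it reads hosts.deny-style entries (rather than the log file) and prints, without running, one iptables DROP command per validated address. The `ALL: <IPv4>` entry format, the sample addresses and the allowlist are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: hosts.deny entries -> iptables DROP commands (dry run only).

# Constructed sample input; assumes portsentry-style "ALL: <IPv4>" entries.
SAMPLE_HOSTS_DENY='# /etc/hosts.deny
ALL: 192.0.2.15
ALL: 198.51.100.7
ALL: 203.0.113.9 trailing junk
ALL: 999.1.1.1
ALL: 192.0.2.15
sshd: 198.51.100.200
ALL: 203.0.113.44'

# Constructed allowlist: hosts that must never be blocked (your own admin box).
ALLOWLIST="198.51.100.7 127.0.0.1"

# Succeeds only for a strict dotted quad with every octet in 0..255, so
# nothing but a plain address can ever reach the firewall command line.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Reads hosts.deny text on stdin and prints one command per new blocked host.
deny_to_iptables() {
    seen=" "
    while IFS=: read -r daemon target; do
        [ "$daemon" = "ALL" ] || continue        # only "ALL:" entries
        target=${target# }                       # drop the space after "ALL:"
        valid_ipv4 "$target" || continue         # skip malformed entries
        case " $ALLOWLIST " in *" $target "*) continue ;; esac
        case "$seen" in *" $target "*) continue ;; esac   # de-duplicate
        seen="$seen$target "
        printf 'iptables -I INPUT -s %s -j DROP\n' "$target"
    done
}

printf '%s\n' "$SAMPLE_HOSTS_DENY" | deny_to_iptables
```

Review the printed commands before piping them to a root shell; the allowlist check is what keeps a spoofed scan from locking out your own address.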
