DEV Community

loading...

Discussion on: Block SSH brute-force attacks

Collapse
baptistecs profile image
Baptiste Clarey Sjöstrand

BIG WARNING HERE!

If someone try that and don't add his IP as whitelisted (1.2.3.4 example) SSH connexions won't be blocked but they won't be accepted neither...

It's needed to add this line after the iptables -A SSH_CHECK rules:
iptables -A SSH_CHECK -p tcp --dport 22 -j ACCEPT

Please update the example.

Anyway, thanks for this useful post!

Collapse
realflowcontrol profile image
Florian Engelhardt Author

You are right, this should be made explicit. In my case it was working, as my default for iptables was to accept packages, but i did not state this anywhere in my blog post. I will update the snippet to the one you posted in the other comment.

Good catch and thanks for you valuable input 👍