Íàñòðîéêà brute force protection íà ðîóòåðå

[SergeyVl]

Óâàæàåìûå ïîëüçîðâàòåëè WL500GP,
îáðàòèë âíèìàíèå, ÷òî ñèñòåìàòè÷åñêè ñ ðàçíûõ àäðåñîâ ïðîâîäÿò ñêàíèðîâàíèå ïîðòîâ. Íàïðèìåð èç ïîñëåäíåãî ëîãà

Code:

syslog.log

Jan 22 22:26:31 dropbear[328]: Child connection from ::ffff:203.127.35.164:56647
Jan 22 22:26:35 dropbear[328]: bad password attempt for 'admin' from ::ffff:203.127.35.164:56647
Jan 22 22:26:36 dropbear[328]: exit before auth (user 'admin', 1 fails): Disconnect received
Jan 22 22:26:37 dropbear[329]: Child connection from ::ffff:203.127.35.164:56802
Jan 22 22:26:40 dropbear[329]: bad password attempt for 'admin' from ::ffff:203.127.35.164:56802
Jan 22 22:26:41 dropbear[329]: exit before auth (user 'admin', 1 fails): Disconnect received
Jan 22 22:26:41 dropbear[330]: Child connection from ::ffff:203.127.35.164:56886
Jan 22 22:26:45 dropbear[330]: login attempt for nonexistent user from ::ffff:203.127.35.164:56886

Äëÿ áëîêèðîâêè èñïîëüçóþ îïèñàííóþ çäåñü ïðîöåäóðó áëîêèðîâàíèÿ IP-àäðåñîâ ñ ðó÷íûì çàíåñåíèåì èõ â ôàéë block.ip
À âîò êàê áû àâòîìàòèçèðîâàòü äàííóþ ïðîöåäóðó? Ñëàá ÿ â ëþíèêñîèäíûõ ñêðèïòàõ

Ýòî íå ñêàíèðîâàíèå ïîðòîâ, à ïîïûòêà ïîäêëþ÷èòüñÿ ÷åðåç SSH.
Ïî÷èòàéòå http://wl500g.info/showthread.php?t=8015

[vaspupkin]

×èòàë âíèìàòåëüíî, äåëàë... íå ïîëó÷èëîñü
 post-boot âñòàâèë

Code:

insmod ipt_recent

 post-firewall âñòàâëÿë îïèñàííûå ñòðîêè

Code:

iptables -t nat -I PREROUTING -i $WAN -p tcp -m state --state NEW --dport 22 -m recent --set --name SSH_ATTACKER --rsource
iptables        -I INPUT      -i $WAN -p tcp -m state --state NEW --dport 22 -m recent --update --seconds 600 --hitcount 3 --name SSH_ATTACKER --rsource -j DROP

ãäå âìåñòî $WAN ïîäñòàâëÿë $1; $3
Âñå ðàâíî íå âûõîäèò êàìåííûé öâåòîê.

Ìîæåò ÿ ïðîñòî çàáëóäèëñÿ â ñâîåì fire-wall, íå êîðîòêèé îí ó ìåíÿ
Ãëÿíüòå, êàê ïîïðàâèòü, åñëè íå òðóäíî

Code:

#!/bin/sh

# set default policy
iptables -P INPUT DROP

# remove last default rule
iptables -D INPUT -j DROP

# Block ICQ
iptables -I FORWARD -s 192.168.2.0/24 -d 64.12.25.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 61.12.51.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 64.12.161.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 64.12.164.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 61.12.174.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 64.12.200.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 64.12.202.0/24 -j DROP

iptables -I FORWARD -s 192.168.2.0/24 -d 152.163.159.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 152.163.208.0/24 -j DROP

iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.7.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.8.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.9.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.153.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.157.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.165.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.179.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.248.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.251.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 205.188.253.0/24 -j DROP

# Block Rambler ICQ
iptables -I FORWARD -s 192.168.2.0/24 -d 204.15.10.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 81.19.64.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 81.19.65.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 81.19.66.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 81.19.69.0/24 -j DROP
iptables -I FORWARD -s 192.168.2.0/24 -d 81.19.70.0/24 -j DROP

# ACCEPT rules SSH, Telnet, FTP, WEB (Port 80)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 23 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 3389 -j ACCEPT

# PREROUTING rules SSH, Telnet, FTP, WEB
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 22 -j DNAT --to-destination
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 23 -j DNAT --to-destination $4:23
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 21 -j DNAT --to-destination $4:21
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 80 -j DNAT --to-destination $4:80
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 8080 -j DNAT --to-destination $4:8080
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 3389 -j DNAT --to-destination $4:3389

# Drop all other connections
iptables -A INPUT -j DROP

# Block IPs
/usr/local/sbin/blockIPs

# CORBINA ROUTING
# Local network:
/sbin/route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.190.0.17
# Corbina.ru, help.corbina.ru, home.corbina.ru
/sbin/route add -net 85.21.29.242 netmask 255.255.255.255 gw 10.190.0.17
# Stat.corbina.ru
/sbin/route add -net 195.14.50.26 netmask 255.255.255.255 gw 10.190.0.17
# Mail Server
/sbin/route add -net 195.14.50.16 netmask 255.255.255.255 gw 10.190.0.17 
# Local resources
/sbin/route add -net 85.21.79.0 netmask 255.255.255.0 gw 10.190.0.17
/sbin/route add -net 85.21.90.0 netmask 255.255.255.0 gw 10.190.0.17
# Corbina.TV:
/sbin/route add -net 85.21.52.254 netmask 255.255.255.255 gw 10.190.0.17
/sbin/route add -net 85.21.88.130 netmask 255.255.255.255 gw 10.190.0.17
/sbin/route add -net 83.102.146.96 netmask 255.255.255.224 gw 10.190.0.17
/sbin/route add -net 85.21.138.210 netmask 255.255.255.255 gw 10.190.0.17
/sbin/route add -net 85.21.138.214 netmask 255.255.255.255 gw 10.190.0.17

Âñå ïîëó÷èëîñü, âñåì ñïàñèáî.  êîíåö fire-wall äîáàâèë ñëåäóþùèé êîä ñ óêàçàíèåì êîíêðåòíî "ppp0"

Code:

iptables -t nat -I PREROUTING -i ppp0 -p tcp -m state --state NEW --dport 22 -m recent --set --name SSH_ATTACKER --rsource
iptables -I INPUT -i ppp0 -p tcp -m state --state NEW --dport 22 -m recent --update --seconds 60 --hitcount 3 --name SSH_ATTACKER --rsource -j DROP