How to cut off China from access to the server?

O

Ogureccc2015-01-14 18:25:41

Debian

Ogureccc, 2015-01-14 18:25:41

I saw in the fail2ban logs that brute-force passwords to ssh are coming from Chinese ip. Disabling SSH is not an option, how to cut off all of China from access to the server?

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

V

Vlad Zhivotnev, 2015-01-15
@Ogureccc

https://debian.pro/510 (iptables+geoip. Banning by country via iptables. Installing iptables-geoip/netfilter-geoip in Debian Squeeze.)
In wheezy it's even easier, see the comments srach.

E

Eugene, 2015-01-14
@Nc_Soft

change port from 22 to another (9245 as an example)
use port-knocking

S

Sergey Petrikov, 2015-01-14
@RicoX

You can cut the entire country through ipset, here is an approximate manul
dn.forceit.ru/iptables-ipset-country-block

I

Igor, 2015-01-14
@fredyk

1) Change the port
2) Install fail2ban
3) I also vote for logging in by keys =)

S

Spetros, 2015-01-14
@Spetros

Google for the ranges of addresses assigned to China and prohibit the firewall from addressing this list.
Other ways: change the ssh port, ban the subnets that include the addresses of the villains.