[arm-allstar] Script to ban IP
Doug Crompton
wa3dsp at gmail.com
Mon Jul 1 10:26:18 EDT 2019
Security seems to be another one of those themes that pops up on this list
when someone asks about it then others decide to get concerned. This really
isn't a problem if you follow a few simple rules. The one most important
thing you should do is use a secure password. 8-10 characters of mixed
letters (upper/lower case), numbers, special characters. Most are using
routers serving their LAN ahead of the Pi. This is a total firewall unless
you forward ports. Some ports are less secure and more vulnerable than
others. The Asterisk manager and SIP being two that are more vulnerable.
Using good passwords for those is important also but you can use firewall
scripts that limit who can access your server on open ports. An example is
in the supermon howto. In many cases it is better to have a whitelist of
allowed users/IP's rather than trying to ban everything bad that comes
along which is an often a never ending battle.
I do that here on a sip port that was always getting hammered. While it is
unlikely anyone could get in if you used a good password it is annoying to
have the constant tries. So using iptables rules you can drop anything but
the one you want assuming you know the ip address of the good one. This can
be determined using a domain name in the case of non-static IP's.
*73 Doug*
*WA3DSP*
*http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
On Mon, Jul 1, 2019 at 1:49 AM "David McGough via ARM-allstar" <
arm-allstar at hamvoip.org> wrote:
>
>
> Personally, I don't recommend fail2ban on the RPi platform. While this
> utility can be very useful, it can also be VERY, VERY HEAVY! It can
> unexpectedly consume lots of CPU cycles and memory, causing more of a
> headache than the problem it should solve.
>
> BTW, I run and manage fail2ban across a large PC server farm.
>
>
> Just my $0.02.
>
>
> 73, David KB4FXC
>
>
>
>
>
> On Sun, 30 Jun 2019, "WH6AV Jesse via ARM-allstar" wrote:
>
> > From SSH CLI prompt, type the following without the <> of course.
> >
> > iptables -I INPUT 1 -s <IPADDRESS>/32 -j DROP
> >
> > Above iptables statement will insert the rule as the first entry into
> > the INPUT table.
> >
> > My advise is to run FAIL2BAN along with IPTABLES. Set your BANTIME to a
> > large number to your satisfaction.
> >
> > ---
> > WH6AV
> > Gescio Alpuro
> > Hamshack Hotline
> > Senior Engineer
> > Asia Pacific Vice President
> > PBX Line: 3234872461
> > HHUS Ext: 4532
> > HHAP Ext: 30001
> >
> > On 2019-06-30 07:05, "Rachid Karroo via ARM-allstar" wrote:
> > > Dear all
> > >
> > > Is there a script that I could insert into my Hamvoip/Supermon on my
> PI
> > > to
> > > block an IP access?
> > > Checking my web access log, I saw an IP (reported as abuse) trying to
> > > get
> > > into here.
> > >
> > > Thanks
> > > 73s
> > > Rachid
> > > 3B8FP
> > > _______________________________________________
> > >
> > > ARM-allstar mailing list
> > > ARM-allstar at hamvoip.org
> > > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> > >
> > > Visit the BBB and RPi2/3 web page - http://hamvoip.org
> > _______________________________________________
> >
> > ARM-allstar mailing list
> > ARM-allstar at hamvoip.org
> > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> >
> > Visit the BBB and RPi2/3 web page - http://hamvoip.org
> >
>
> _______________________________________________
>
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>
More information about the ARM-allstar
mailing list