Hetzner - DokuWiki

Security Firewall/en


Configuration Aids

If you are going to set up a software firewall, the following links will help with the configuration.

Tips and Tricks

Automatic Fallback

To make sure you are not locked out of your server (due to incorrect settings) when activating the firewall for the first time, an "automatic fallback" is recommended:

./firewall start && sleep 60 && ./firewall stop

In this case the firewall is activated for only 60 seconds, which gives you time to test it.

If an iptables configuration already exists, you can first save it:

iptables-save > /tmp/savediptables

and then schedule the restore with at (at reads the job from standard input, so the command is piped into it):

echo "iptables-restore < /tmp/savediptables" | at now + 5min

This saves the current iptables configuration and restores it after 5 minutes.
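The two fallback variants above (time-limited start and a scheduled restore) share one idea: apply the change, then undo it unless someone confirms that the server is still reachable. As an added example that is not part of the wiki page, the following script puts that idea into one reusable function. It applies a command, waits for a confirmation file to appear, and runs the restore command if nobody confirms in time. The function name apply_with_fallback, the confirmation file /tmp/firewall-ok and the --run switch are assumptions of this example; the rest uses only the commands the page already mentions.

```shell
#!/bin/sh
# Added example (not from the Hetzner wiki): apply a firewall change and
# revert it automatically unless the admin confirms within a time limit.
# Arguments: seconds to wait, command that applies the change, command that
# restores the previous state, path of the confirmation file.
# The confirmation file is a constructed convention of this example: from a
# second SSH session, `touch` it to keep the new rules.
# Returns 0 when confirmed, 2 when reverted, 1 when the apply command failed.
apply_with_fallback() {
    timeout="$1"
    apply_cmd="$2"
    restore_cmd="$3"
    confirm_file="$4"

    # If the new rules cut the SSH session that started us, the shell sends
    # SIGHUP; ignore it so that the rollback below still runs.
    trap '' HUP

    sh -c "$apply_cmd" || return 1

    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm_file" ]; then
            echo "change confirmed, keeping it"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # Nobody confirmed in time: assume we are locked out and roll back.
    sh -c "$restore_cmd" || echo "warning: restore command failed" >&2
    echo "no confirmation after ${timeout}s, previous state restored"
    return 2
}

# Real use (as root on the server, only when invoked with --run): save the
# current ruleset, run the firewall script from the page, and restore the
# saved rules after 5 minutes unless /tmp/firewall-ok has been created.
if [ "${1:-}" = "--run" ]; then
    saved=$(mktemp /tmp/savediptables.XXXXXX)
    iptables-save > "$saved"
    rm -f /tmp/firewall-ok
    apply_with_fallback 300 "./firewall start" "iptables-restore < $saved" /tmp/firewall-ok
fi
```

Start it with nohup or inside a screen/tmux session so that losing the SSH connection cannot take the watchdog down with it; the at job from the page is the other way of keeping the restore independent of your session. Once you have confirmed from a fresh connection, compare the output of iptables-save with what you intended and remove the confirmation file again so that a stale one cannot confirm a later change by accident.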

Lock a single "bad" IP address or an entire range

Via the iptables filter you can easily block single IPs:

iptables -I INPUT -s <bad_IP> -j DROP

A whole range of IPs can also be blocked:

iptables -I INPUT -s <bad_subnet/range> -j DROP

Blocking the dynamic IP addresses of attackers makes little sense, of course.

List the IP addresses of SSH scans

To find out (on Debian) how often each IP address tried to log in to the server, and with which usernames, you can use the following script:

#!/bin/sh
# checklogs: reads auth.log on stdin and counts SSH login attempts per username and per source IP.
# First remove the date, as it can contain two blanks ("Jan  5");
# after that the username is field 6 and the IP address is field 8.
# Older OpenSSH versions log "Illegal user", newer ones log "Invalid user".
tmp1=$(mktemp)
grep -E "Illegal user|Invalid user" | cut -b8-99 > "$tmp1"
echo "Username tried:"
cut -d' ' -f6 "$tmp1" | sort | uniq -c | sort -n
echo "IPs:"
cut -d' ' -f8 "$tmp1" | sort | uniq -c | sort -n
echo "End"
rm -f "$tmp1"

Just write the above lines to a file (for example "checklogs") and make it executable with chmod +x. Then let it run over the logs:

cat /var/log/auth.log | ./checklogs
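The byte-offset approach above depends on the exact log layout: it breaks if the timestamp format differs or if a line carries an extra "port N" suffix in an unexpected position. As an added example that is not part of the wiki page, the following version of the same report locates the "user" and "from" tokens instead of counting bytes, accepts both the old "Illegal user" and the current "Invalid user" wording, and skips the empty username that sshd logs as "Invalid user  from". The function name count_ssh_attempts and the sample log lines are constructed for this example (documentation addresses, not real attackers).

```shell
#!/bin/sh
# Added example (not from the Hetzner wiki): count SSH login attempts per
# username and per source IP from auth.log lines read on stdin.
# Matching only the capitalised "Illegal user"/"Invalid user" keeps the
# follow-up line "Failed password for invalid user ..." from being counted twice.
count_ssh_attempts() {
    tmp=$(mktemp)
    awk '
    /sshd\[[0-9]+\]: (Illegal|Invalid) user / {
        for (i = 1; i < NF; i++) {
            # An empty username is logged as "user  from"; skip it.
            if ($i == "user" && $(i + 1) != "from") print "user", $(i + 1)
            if ($i == "from") print "ip", $(i + 1)
        }
    }' > "$tmp"
    echo "Username tried:"
    grep '^user ' "$tmp" | cut -d' ' -f2 | sort | uniq -c | sort -n
    echo "IPs:"
    grep '^ip ' "$tmp" | cut -d' ' -f2 | sort | uniq -c | sort -n
    echo "End"
    rm -f "$tmp"
}

# Constructed sample log lines: traditional and ISO timestamps, old and new
# wording, an empty username, a non-matching successful login.
SAMPLE_LOG='Jan  5 10:00:01 host sshd[100]: Invalid user admin from 198.51.100.7 port 4444
Jan  5 10:00:02 host sshd[101]: Invalid user admin from 198.51.100.7 port 4445
Jan  5 10:00:02 host sshd[101]: Failed password for invalid user admin from 198.51.100.7 port 4445 ssh2
Jan 15 10:00:03 host sshd[102]: Illegal user root from 203.0.113.9
2019-01-15T10:00:04.000000+01:00 host sshd[103]: Invalid user  from 203.0.113.9 port 2222
Jan 15 10:00:05 host sshd[104]: Accepted publickey for deploy from 192.0.2.10 port 5555 ssh2'

printf '%s\n' "$SAMPLE_LOG" | count_ssh_attempts
```

On a real server replace the sample with the log itself, for example count_ssh_attempts < /var/log/auth.log, or pipe in zcat output for the rotated files as well.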

© 2019. Hetzner Online GmbH. All rights reserved.