Blocking Specific IP Addresses from Accessing a Linux System

Source: Internet | Editor: 程序博客网 | Time: 2024/06/04 23:32


                           

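Project name: XX Monitoring System

Inspection date: Thursday, November 28, 2013

Inspected by: 牛角书生

Problem summary:

On the evening of November 27, 2013, the WAP system could not be reached remotely; the next morning, access from the office worked normally. The system log (/var/log/secure) showed three fixed IP addresses continuously attempting to log in to the system over SSH. The exact cause of the network interruption is not yet known.

Solution:

Given the actual situation of this system, the policy chosen was to block access from these fixed IP addresses, that is, to restrict them with iptables.

Procedure:

Check the log

[root@db2 etc]# tail -500 /var/log/secure    (only two records per IP are excerpted here; the actual log contains many more)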

Nov 28 00:25:18 db2 sshd[27535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.164.110.112  user=root
Nov 28 00:25:20 db2 sshd[27535]: Failed password for root from 61.164.110.112 port 56867 ssh2
Nov 28 00:25:20 db2 sshd[27536]: Received disconnect from 61.164.110.112: 11: Bye Bye
Nov 28 00:25:21 db2 sshd[27545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.164.110.112  user=root
Nov 28 00:25:23 db2 sshd[27545]: Failed password for root from 61.164.110.112 port 60728 ssh2
Nov 28 00:25:23 db2 sshd[27546]: Received disconnect from 61.164.110.112: 11: Bye Bye

Nov 28 00:25:24 db2 sshd[27562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.215.16.147  user=root
Nov 28 00:25:25 db2 sshd[27562]: Failed password for root from 58.215.16.147 port 36272 ssh2
Nov 28 00:25:25 db2 sshd[27563]: Received disconnect from 58.215.16.147: 11: Bye Bye
Nov 28 00:25:26 db2 sshd[27571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.215.16.147  user=root
Nov 28 00:25:28 db2 sshd[27571]: Failed password for root from 58.215.16.147 port 39393 ssh2
Nov 28 00:25:28 db2 sshd[27572]: Received disconnect from 58.215.16.147: 11: Bye Bye

Nov 28 00:25:28 db2 sshd[27573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.146.83.246  user=root
Nov 28 00:25:30 db2 sshd[27573]: Failed password for root from 212.146.83.246 port 42894 ssh2
Nov 28 00:25:30 db2 sshd[27574]: Received disconnect from 212.146.83.246: 11: Bye Bye
Nov 28 00:25:31 db2 sshd[27582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.146.83.246  user=root
Nov 28 00:25:33 db2 sshd[27582]: Failed password for root from 212.146.83.246 port 46443 ssh2

 

Configure the iptables policy

[root@db2 etc]# iptables -A INPUT -p tcp -s 61.164.110.112 -j DROP
[root@db2 etc]# iptables -A INPUT -p tcp -s 212.146.83.246 -j DROP
[root@db2 etc]# iptables -A INPUT -p tcp -s 58.215.16.147 -j DROP
[root@db2 etc]# iptables-save    (prints the rule set in save format; it is written to disk by "service iptables save" below)
# Generated by iptables-save v1.3.5 on Thu Nov 28 09:41:02 2013
*filter
:INPUT ACCEPT [110725:19181174]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [110361:38181970]
-A INPUT -s 61.164.110.112 -p tcp -j DROP
-A INPUT -s 212.146.83.246 -p tcp -j DROP
-A INPUT -s 58.215.16.147 -p tcp -j DROP
COMMIT
# Completed on Thu Nov 28 09:41:02 2013

[root@db2 etc]# service iptables save
将当前规则保存到 /etc/sysconfig/iptables:[确定]

[root@db2 etc]# service iptables restart
清除防火墙规则:[确定]
把 chains 设置为 ACCEPT 策略:filter [确定]
正在卸载 Iiptables 模块:[确定]
应用 iptables 防火墙规则:[确定]
载入额外 iptables 模块:ip_conntrack_netbios_ns [确定]

 

View the policy

[root@db2 etc]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  61.164.110.112       anywhere
DROP       tcp  --  212.146.83.246       anywhere
DROP       tcp  --  58.215.16.147        anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

With this, the problem is resolved!
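The log review and blocking steps above, combined into one script as an added example (not part of the original report): it counts sshd "Failed password" lines per source address and prints, without executing them, DROP rules in the same form as the ones used above for every address at or above a threshold, skipping an allowlist. The function names, the threshold, the allowlist and the sample log (including the addresses 198.51.100.7 and 192.0.2.10) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original report. SAMPLE_LOG is constructed in the
# format of the /var/log/secure excerpt; 198.51.100.7 and 192.0.2.10 are made up.
SAMPLE_LOG='Nov 28 00:25:18 db2 sshd[27535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.164.110.112  user=root
Nov 28 00:25:20 db2 sshd[27535]: Failed password for root from 61.164.110.112 port 56867 ssh2
Nov 28 00:25:20 db2 sshd[27536]: Received disconnect from 61.164.110.112: 11: Bye Bye
Nov 28 00:25:23 db2 sshd[27545]: Failed password for root from 61.164.110.112 port 60728 ssh2
Nov 28 00:25:25 db2 sshd[27562]: Failed password for root from 58.215.16.147 port 36272 ssh2
Nov 28 00:25:26 db2 sshd[27549]: Failed password for invalid user admin from 61.164.110.112 port 60900 ssh2
Nov 28 00:25:28 db2 sshd[27571]: Failed password for root from 58.215.16.147 port 39393 ssh2
Nov 28 00:26:02 db2 sshd[27601]: Failed password for root from 198.51.100.7 port 40110 ssh2
Nov 28 00:26:05 db2 sshd[27603]: Failed password for root from 198.51.100.7 port 40112 ssh2
Nov 28 00:27:10 db2 sshd[27610]: Failed password for root from 192.0.2.10 port 50001 ssh2
Nov 28 00:27:15 db2 sshd[27612]: Accepted password for root from 192.0.2.10 port 50002 ssh2'

# Usage: failed_ssh_sources THRESHOLD < logfile
# Prints "count ip" for every source with at least THRESHOLD failed passwords.
failed_ssh_sources() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / {
            # The user name is text supplied by the remote side, so read the
            # address from the fixed tail "from <ip> port <n> ssh2" only.
            if (match($0, /from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ port [0-9]+ ssh2$/)) {
                split(substr($0, RSTART, RLENGTH), f, " ")
                hits[f[2]]++
            }
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Usage: failed_ssh_sources N < logfile | drop_rules "ALLOWED_IP ALLOWED_IP ..."
# Prints one DROP rule per address for review; nothing is applied here.
drop_rules() {
    while read -r _count ip; do
        case " $1 " in
            *" $ip "*) continue ;;   # allowlisted (e.g. an admin address): never block
        esac
        echo "iptables -A INPUT -p tcp -s $ip -j DROP"
    done
}

# Threshold 2, with 198.51.100.7 treated as an allowlisted admin address.
printf '%s\n' "$SAMPLE_LOG" | failed_ssh_sources 2 | drop_rules "198.51.100.7"
```

Run against the real log with `failed_ssh_sources 2 < /var/log/secure`, and review the printed rules before applying any of them.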

 
