From dc9eb77276b1a62ca51cc95f071cba43abbd7080 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20Sch=C3=A4ferdiek?= Date: Mon, 10 Apr 2023 19:04:27 +0200 Subject: [PATCH] Manual backup: 2023-04-10 19:04:27 --- .obsidian/workspace.json | 8 ++++---- KB/Linux/Server/SSH Guard.md | 4 ++-- KB/Linux/Server/sshguard-iptables/sshguard-iptables | 2 -- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/.obsidian/workspace.json b/.obsidian/workspace.json index fda8372..feb274a 100644 --- a/.obsidian/workspace.json +++ b/.obsidian/workspace.json @@ -4,11 +4,11 @@ "type": "split", "children": [ { - "id": "48eb66e7fecab528", + "id": "f7331c4ec62394bd", "type": "tabs", "children": [ { - "id": "80a5e56ba431d89b", + "id": "08d8ac249a3aeba9", "type": "leaf", "state": { "type": "empty", @@ -120,12 +120,12 @@ "templater-obsidian:Templater": false } }, - "active": "80a5e56ba431d89b", + "active": "08d8ac249a3aeba9", "lastOpenFiles": [ + "KB/Linux/Server/SSH Guard.md", "KB/Linux/Server/Bootstrap.md", "KB/Linux/Server/DNS.md", "KB/Linux/Server/Docker Volume Migration.md", - "KB/Linux/Server/SSH Guard.md", "KB/Linux/Desktop/Firewall.md", "KB/Linux/Server/Hetzner/Storagebox.md", "KB/Linux/Server/Hetzner/Upgrades.md", diff --git a/KB/Linux/Server/SSH Guard.md b/KB/Linux/Server/SSH Guard.md index 063160d..2a3258a 100644 --- a/KB/Linux/Server/SSH Guard.md +++ b/KB/Linux/Server/SSH Guard.md 
@@ -27,16 +27,16 @@ If you have a more complex setup and use `docker`, you probably want a `FILTERS` [sshguard on wiki.archlinux.org](https://wiki.archlinux.org/index.php/Sshguard#iptables). +Use this or have rules defined inside `/etc/iptables/{iptables,ip6tables}.rules` for IPv4 or IPv6. + ```shell # IPv4 iptables -N sshguard iptables -A INPUT -m multiport -p tcp --destination-ports 22,2222 -j sshguard -iptables-save > /etc/iptables/iptables.rules # IPv6 ip6tables -N sshguard ip6tables -A INPUT -m multiport -p tcp --destination-ports 22,2222 -j sshguard -ip6tables-save > /etc/iptables/ip6tables.rules ``` Start with `systemctl enable --now sshguard` or restart afterwards with `systemctl restart sshguard` to apply or `ExecStartPre=` above in sshguard's systemd file. diff --git a/KB/Linux/Server/sshguard-iptables/sshguard-iptables b/KB/Linux/Server/sshguard-iptables/sshguard-iptables index d564703..ea6de17 100644 --- a/KB/Linux/Server/sshguard-iptables/sshguard-iptables +++ b/KB/Linux/Server/sshguard-iptables/sshguard-iptables @@ -5,11 +5,9 @@ echo "Applying iptables rules for sshguard"; # IPv4 iptables -N sshguard; iptables -A INPUT -m multiport -p tcp --destination-ports 22,2222 -j sshguard; -iptables-save > /etc/iptables/iptables.rules; # IPv6 ip6tables -N sshguard; ip6tables -A INPUT -m multiport -p tcp --destination-ports 22,2222 -j sshguard; -ip6tables-save > /etc/iptables/ip6tables.rules; systemctl restart sshguard;
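Review bot: The two remaining rule commands in `sshguard-iptables` are not safe to run more than once, and after this change the script has to be re-run whenever the ruleset is reloaded, unless the chain is defined in `/etc/iptables/*.rules`. `iptables -N sshguard` errors when the chain already exists, and `iptables -A INPUT … -j sshguard` appends another copy of the jump on every run. Guard both, e.g. `iptables -N sshguard 2>/dev/null || true` and `iptables -C INPUT -m multiport -p tcp --destination-ports 22,2222 -j sshguard 2>/dev/null || iptables -A INPUT -m multiport -p tcp --destination-ports 22,2222 -j sshguard`, and do the same for `ip6tables`; the shell block in `SSH Guard.md` carries the same commands. Because `-A` places the jump at the end of INPUT, the sshguard chain is only consulted if no earlier rule already accepts traffic to ports 22/2222. The rest of the ruleset is not visible here, so that ordering should be confirmed on the host. The script begins above the hunk.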