This shows you the differences between two versions of the page.
info:ssh-geoip [2017/03/01 20:51] created |
info:ssh-geoip [2017/03/01 21:19] (current) [2. Install filter script] |
||
---|---|---|---|
Line 8: | Line 8: | ||
===== 2. Install filter script ===== | ===== 2. Install filter script ===== | ||
- | wget https://gist.github.com/jokey2k/a74f56955124880749e7/raw/4992f993c4777c5f93513a7c66754b8765271bd9/sshfilter.sh > /usr/local/bin/ipfilter.sh | + | wget -O /usr/local/bin/ipfilter.sh https://gist.github.com/jokey2k/a74f56955124880749e7/raw/4992f993c4777c5f93513a7c66754b8765271bd9/sshfilter.sh |
===== 3. Make it executable ===== | ===== 3. Make it executable ===== | ||
chmod +x /usr/local/bin/ipfilter.sh | chmod +x /usr/local/bin/ipfilter.sh | ||
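Review bot: The wget line in step 2 writes a remote script straight to /usr/local/bin/ipfilter.sh and step 3 marks it executable with no integrity check, although the hosts.allow rule further down runs it with sshd's privileges on every incoming connection. The URL is pinned to one gist revision, which helps, but I would download to a temporary file, read it, compare it against a recorded sha256sum, and only then move it into place (for example with install -m 0755), so a failed or partial download never ends up at the final path.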
Line 20: | Line 19: | ||
We want default behaviour to block all SSH traffic | We want default behaviour to block all SSH traffic | ||
- | sed -i '/^sshd/d' ./infile | + | sed -i '/^sshd/d' /etc/hosts.deny |
echo sshd: ALL >> /etc/hosts.deny | echo sshd: ALL >> /etc/hosts.deny | ||
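Review bot: Once the echo sshd: ALL >> /etc/hosts.deny line has run, new SSH connections are refused until the hosts.allow entry from the next step exists, so doing these steps over SSH in this order risks a lockout if the session drops in between. Write the hosts.allow rule first, or keep a second session or console open while changing both files. The sed -i '/^sshd/d' expression also deletes every existing line starting with sshd without keeping a copy; sed -i.bak would leave a backup to restore from.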
Line 26: | Line 25: | ||
Now call our script for allow traffic from inside hosts.allow | Now call our script for allow traffic from inside hosts.allow | ||
- | sed -i '/^sshd/d' ./infile | + | sed -i '/^sshd/d' /etc/hosts.allow |
echo "sshd: ALL: spawn /usr/local/bin/ipfilter.sh %a" >> /etc/hosts.allow | echo "sshd: ALL: spawn /usr/local/bin/ipfilter.sh %a" >> /etc/hosts.allow | ||
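Review bot: In the echoed hosts.allow rule, spawn runs /usr/local/bin/ipfilter.sh in a child process and its exit status does not affect the access decision, so sshd: ALL still matches and every address is allowed whatever the filter decides. For the script's result to gate the connection the option needs to be aclexec, which exists in the Debian-patched tcp_wrappers: sshd: ALL: aclexec /usr/local/bin/ipfilter.sh %a. It is worth testing from an address the filter should reject before relying on the rule.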