IPTABLES to IPFILTER conversion advice?

Discussion in 'Networking & Security' started by takian, Mar 24, 2019.

  1. takian

    takian n00b

    Messages:
    3
    Joined:
    Mar 24, 2019
    Hello guys, a newbie here. I want to configure a firewall, "IpFilter", on OmniOS to drop SSH connections after three bad passwords are entered and to time them out for a while. I have found a way to do this, but the instructions refer to "IpTables", which is the firewall typically used on Linux, and it works differently (I hear it uses a script, where a Unix IpFilter uses a file).

    Not a pro at this at all, just dabbling in "nixes", so I could use some help converting the instructions to fit IpFilter.
    Could anyone help convert them, or at least hint or give a direction? Thanks! Here are the instructions I have found for IpTables:

    ===================
    With the following solution an attacker is allowed to produce exactly 3 failed logins in 2 minutes, or he will be blocked for 120 seconds.

    1) Add the following line to /etc/ssh/sshd_config

    MaxAuthTries 1

    This will allow only 1 login attempt per connection. Restart the ssh server.

    2) Add the following firewall rules

    Create a new chain

    iptables -N SSHATTACK
    iptables -A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
    iptables -A SSHATTACK -j DROP

    Block each IP address for 120 seconds which establishes more than three connections within 120 seconds. In case of the fourth connection attempt, the request gets delegated to the SSHATTACK chain, which is responsible for logging the possible ssh attack and finally drops the request.

    iptables -A INPUT -i eth0 -p tcp -m state --dport 22 --state NEW -m recent --set
    iptables -A INPUT -i eth0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK
    ==================
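    As an added example, not from this thread and not part of IpFilter or fail2ban, the script below applies the same "fourth failure within 120 seconds" rule from the iptables recipe to sshd syslog lines and prints one ipf block rule per offending source, which is essentially what a log-driven banner does on a system without a "recent" match. The log lines are constructed samples, the ipf rule uses the standard "block in quick proto tcp from ... to any port = 22" form, and all timestamps are assumed to fall on the same day.

```shell
#!/bin/sh
# Constructed sshd syslog sample (hypothetical host "omni", documentation IPs).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Mar 24 10:00:01 omni sshd[101]: Failed password for root from 203.0.113.5 port 50001 ssh2
Mar 24 10:00:20 omni sshd[102]: Failed password for root from 203.0.113.5 port 50002 ssh2
Mar 24 10:00:45 omni sshd[103]: Failed password for admin from 198.51.100.7 port 50003 ssh2
Mar 24 10:01:10 omni sshd[104]: Failed password for root from 203.0.113.5 port 50004 ssh2
Mar 24 10:01:30 omni sshd[105]: Accepted publickey for takian from 192.0.2.9 port 50005 ssh2
Mar 24 10:01:55 omni sshd[106]: Failed password for root from 203.0.113.5 port 50006 ssh2
Mar 24 10:05:00 omni sshd[107]: Failed password for admin from 198.51.100.7 port 50007 ssh2
Mar 24 10:05:10 omni sshd[108]: Failed password for admin from 198.51.100.7 port 50008 ssh2
Mar 24 10:05:20 omni sshd[109]: Failed password for admin from 198.51.100.7 port 50009 ssh2
EOF

# offenders LOGFILE WINDOW HITS
# Prints an ipf rule for every source whose HITS-th failed password lands
# within WINDOW seconds of its earlier failures (same-day timestamps assumed).
offenders() {
  awk -v win="$2" -v hits="$3" '
    /sshd\[[0-9]+\]: Failed password/ {
      split($3, t, ":")
      now = t[1] * 3600 + t[2] * 60 + t[3]
      for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
      n[ip]++
      ts[ip, n[ip]] = now
      # Walk back from the newest failure while it is still inside the window.
      c = 0
      for (j = n[ip]; j >= 1 && now - ts[ip, j] <= win; j--) c++
      if (c >= hits && !(ip in banned)) {
        banned[ip] = 1
        printf "block in quick proto tcp from %s/32 to any port = 22\n", ip
      }
    }' "$1"
}

# 203.0.113.5 reaches four failures inside 120 s; 198.51.100.7 never does,
# because its first failure has aged out of the window by the fourth one.
offenders "$SAMPLE_LOG" 120 4
```

    The printed rules are what you would feed to ipf (for example with `ipf -f -`) to ban a source, and remove again with `ipf -r -f -` once the timeout has passed; the sample shows why a sliding window matters, since the second source has four failures in total but never four within 120 seconds.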
     
  2. mwarps

    mwarps [H]ardness Supreme

    Messages:
    7,060
    Joined:
    Oct 6, 2002
  3. FNtastic

    FNtastic [H]ard|Gawd

    Messages:
    1,292
    Joined:
    Jul 6, 2013
    Why OmniOS over any others?

    I also agree that if you can use fail2ban, then do. That's going to be your easiest/best option.
     
  4. takian

    takian n00b

    Messages:
    3
    Joined:
    Mar 24, 2019
    Hey guys, thank you. I searched for "fail2ban" as suggested by mwarps, and initially it looked like this is only for IpTables (or its newest incarnation, NetFilter) again, but then in the search results there was this:
    http://virtuallyhyper.com/2013/04/installing-and-configuring-fail2ban-on-omnios/
    Installing and Configuring Fail2Ban on OmniOS
    Which is EXACTLY what I seem to need! Perfect recommendation!

    As to why OmniOS. I started originally with Nas4Free a couple of years ago, but my dissatisfaction with it grew to the point that I wanted to know what's wrong.
    Research led me to understand that it is more or less a work in progress, no disrespect, as everything is that, but in different degrees of completion.
    I didn't like Posix user rights, coming from Windows I felt too restricted.
    But, even those documented Posix user rights just didn't work properly. I started to notice that there are many users asking why this or that doesn't work, even though they did it exactly as described in the manual.
    My N4F ZFS box worked and seemed quite fast, but I never got the feeling that everything is working right and tuned right.
    While I don't blame the Nas4Free guys even a tiny little bit (because, of course, where is my own contribution to the work, right?), I just needed something that works.
    That turned out to be Solaris. ZFS was born there and spread out to other OSes. By now, everyone has gotten pretty much the same version (28), except, of course, Solaris itself.
    Solid manual, and a solid connection between said manual and the reality of what works (or at least that is what it seemed to be from reading other people's opinions).
    Yet, after setting up S11.4, I found it a bloated and immovable abandoned work of art at this point. Just idling, it consumed 50% of the CPU. Maybe there was something wrong with it?
    Maybe, but there should not be, if it is to be respected.
    Word on the street is Oracle wants it to just die, and that doesn't sound good to me.
    So, after more research, it turned out that all the brains who created the magic of Solaris had left, and where they went there were other works.
    One of the still living and actively developed projects is OmniOS (Solaris>OpenSolaris>Illumos>OmniOS), so this is what I am trying out now.
    So far so good, I love it, just that I am so damned ignorant of unix it is kind of hard to catch up. Feel like a helpless baby, can't do anything.
    But hey, they say when you feel like that, that's the steepest learning curve you actually experience, right?
    Again, it is also very likely that where anything failed, it was actually me, no question about that.

    Thanks again, guys!
     
  5. mwarps

    mwarps [H]ardness Supreme

    Messages:
    7,060
    Joined:
    Oct 6, 2002
    Good stuff. There's always something out there that's done what you want to do before, you just gotta know its name :)