[NCLUG] iptables ssh protection, but with Linksys WRT54G DD-WRT?

Benson Chow blc+nclug at q.dyndns.org
Wed Apr 12 14:09:14 MDT 2006


First off, thanks Hugh for the presentation.  I was wondering what people 
were doing with all these annoying ssh attempts, this surely couldn't be 
an issue I'm fighting myself.

So I tried the ssh limiting iptables rules on my 2.6 server box, and this 
seemed to work just fine.  Exactly what I needed!  I was more concerned 
about people wasting my bandwidth and filling my logfiles with useless 
failed dictionary attempts than people cracking my box at this point.
Less noise in logfiles is always better!

I'd also like to get the same kind of protection working on my WRT54G 
router.  I tried the same commands, but wasn't quite sure about the device 
needed.  So, I tried each one, including the virtual devices.  In any case 
none of the command sets seemed to halt connections after too many connect 
attempts.  The commands resulted in no errors when executed, either.  The 
corresponding .so iptables module file seems to be on the filesystem, so 
that should be OK.

The main difference other than hardware is that the router is running 
Linux 2.4.32 instead of 2.6.15.  Anyone able to get these rules working on 
a 2.4 box?

This router is not running Linksys firmware; it's using DDWRT2.3. 
Iptables version matches my 2.6 box.

Thanks,

-bc

p.s. Oh.... I used to have anyone in the netblocks 210. to 213. all return 
a random number of /dev/urandom bytes.  Just hoping, that someday 
/dev/urandom generates a byte sequence fatal/buffer overflows their 
attacking script...


