Using a log monitoring tool, I noticed an IP had attempted 100-200 logins as root, though they failed (PAM's logs caught that). Those IPs differ slightly but originate from one single domain, which is a dedicated server host somewhere that I do not care if I block access to; no loss.
(EDIT: Or maybe an IP range if DNS resolution is not done during checking... I do not know how to do that either.)
I added the IPs to my iptables. How would I block a whole host (foobar.com) from accessing any of the services on my VPS, including SSH? I am using Ubuntu 10.04 LTS Server.
iptables does not, nor should it, use the DNS, but you can block an address range with a single statement provided the range is a complete netblock, e.g.:
will (provided you don't have a conflicting ACCEPT earlier in the INPUT chain) drop all packets coming from sources 172.16.3.64-172.16.3.127.
If you're not familiar with netblocks and the slash-notation for CIDR, a good guide can be found at http://en.wikipedia.org/wiki/IPv4_subnetting_reference.
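An added example (not part of the original answers): it turns an address range, such as the one a WHOIS lookup reports for the hosting provider, into complete netblocks, emits one DROP rule per block, and checks which failed-login sources in a log those rules would cover. The log lines are constructed, the function names are hypothetical, and `-I` is used so the rule is inserted ahead of any earlier ACCEPT in the chain.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the sshd auth.log style (not from the original page).
SAMPLE_LOG = """\
Mar  3 04:12:01 vps sshd[2211]: Failed password for root from 172.16.3.70 port 40112 ssh2
Mar  3 04:12:04 vps sshd[2213]: Failed password for root from 172.16.3.70 port 40120 ssh2
Mar  3 04:12:09 vps sshd[2217]: Failed password for root from 172.16.3.101 port 51230 ssh2
Mar  3 04:13:30 vps sshd[2250]: Failed password for invalid user admin from 172.16.3.126 port 33870 ssh2
Mar  3 04:15:02 vps sshd[2291]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
Mar  3 04:16:44 vps sshd[2302]: Failed password for root from 198.51.100.7 port 41002 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")


def failed_sources(log_text):
    """Count failed SSH logins per source address."""
    return Counter(ipaddress.ip_address(m.group(1)) for m in FAILED.finditer(log_text))


def range_to_netblocks(first, last):
    """Split an inclusive address range into the minimal list of CIDR netblocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def drop_rules(first, last, log_text, chain="INPUT"):
    """Return (rules, covered, uncovered) for a range taken from a WHOIS record."""
    blocks = range_to_netblocks(first, last)
    counts = failed_sources(log_text)
    covered = {ip: n for ip, n in counts.items() if any(ip in b for b in blocks)}
    uncovered = {ip: n for ip, n in counts.items() if ip not in covered}
    # -I inserts at the top of the chain so an earlier ACCEPT cannot match first.
    rules = [f"iptables -I {chain} -s {b} -j DROP" for b in blocks]
    return rules, covered, uncovered


if __name__ == "__main__":
    rules, covered, uncovered = drop_rules("172.16.3.64", "172.16.3.127", SAMPLE_LOG)
    print("\n".join(rules))
    print("covered:", {str(k): v for k, v in covered.items()})
    print("still unblocked:", {str(k): v for k, v in uncovered.items()})
```

A range that is not aligned on a netblock boundary produces more than one rule; review the uncovered sources before widening the range, since a broader block also drops legitimate traffic from that provider.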
If you only need to block ssh sessions this is a very useful script - http://denyhosts.sourceforge.net/
For blocking a source IP address:
iptables -A INPUT -s 172.34.5.8 -j DROP
The RedHat INIT script is very similar. You can use it to start and stop iptables, as well as save rule sets.
To save your active rules execute the following:
/etc/init.d/iptables save
This will save your rules to '/etc/sysconfig/iptables'.
When you start iptables, the rules are read from '/etc/sysconfig/iptables':
/etc/init.d/iptables start
Starting iptables [OK]
And when you stop iptables, all rules are flushed:
/etc/init.d/iptables stop
Stopping iptables [OK]