mkj/dropbear

Installing an IP address filter ... ???

TheHippoMan opened this issue · 2 comments

[perhaps a feature request]
I'm wondering whether anyone has written any add-on code for dropbear which can filter connections by incoming IP address.

I know that I can do this via iptables or ufw, but for various reasons (long story), neither of those is an option on my current Debian host.

I'd like to somehow supply a list of IP addresses to the dropbear server, and if any incoming connection originates from any of those listed IP addresses, I'd like to cause dropbear to simply drop the connection.

I know this requires coding, and I'm willing to dive in and do this coding by myself, if necessary. But if someone has already written something like this, I'd prefer not to "re-invent the wheel".

Does anyone know of any such add-on code that might already have been written?

Thank you in advance for any thoughts or ideas.

Without coding, the easiest for you would be to use iproute2. Something like the example shown below will work for your node:

```
ip route add blackhole 192.0.2.0/24
```

Blocking IP addresses is not something dropbear should take care of; it is out of scope. Blocking IPs is better dealt with by using external tools, either those listed in your post, or iproute2, or whatever tool.
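
Added example, not part of the comment above and not dropbear code: a POSIX shell dry run that turns a list of addresses, as the question describes, into the `ip route add blackhole` commands suggested above. The function names and the sample list (documentation ranges) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: dry-run generator for blackhole routes.
# Reads a blocklist on stdin, prints one `ip route add blackhole` per valid entry.

# is_ipv4_prefix ADDR[/LEN]: succeed only for a well-formed IPv4 address or prefix
is_ipv4_prefix() {
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in *.) return 1 ;; esac   # trailing dot would vanish when splitting
    set -f; old_ifs=$IFS; IFS=.          # no globbing while splitting on dots
    set -- $addr
    IFS=$old_ifs; set +f
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# blackhole_cmds: stdin = blocklist ('#' comments and blank lines allowed).
# Prints commands on stdout, rejected entries on stderr; returns 1 if any were rejected.
blackhole_cmds() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        if is_ipv4_prefix "$entry"; then
            printf 'ip route add blackhole %s\n' "$entry"
        else
            printf 'skipped invalid entry: %s\n' "$entry" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample blocklist; the last entry is deliberately malformed.
blackhole_cmds <<'EOF' || echo "some entries were rejected" >&2
# constructed sample
192.0.2.0/24
198.51.100.7      # single host
203.0.113.999
EOF
```

Review the printed commands before running them as root. A blackhole route discards every packet the host would send to the listed prefix, so it cuts those peers off from all services on the host, not only dropbear.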

mkj commented

Another option would be tcpwrappers using Dropbear in inetd mode.