[Firehol-support] Re: ipt_recent support?

Max Kutny mkutny at gmail.com
Mon Mar 14 14:33:15 CET 2005


On Mon, 14 Mar 2005 15:26:36 +0200, Max Kutny <mkutny at gmail.com> wrote:
> On Mon, 14 Mar 2005 16:46:49 +1100, Daniel Pittman <daniel at rimspace.net> wrote:
> > On 14 Mar 2005, Chris AtLee wrote:
> > > I just saw a blog post talking about the ipt_recent module:
> > > http://blog.andrew.net.au/2005/02/17#ipt_recent_and_ssh_attacks
> 
> It appeared that there is a bug in the second example. The first line
> should go to the last position, so it should look like:

Probably the better solution is to simply remove -j ACCEPT from the first line:

iptables -A INCOMING -p tcp --dport 22 -m state --state NEW -m recent \
    --set --name SSH
iptables -A INCOMING -p tcp --dport 22 -m state --state NEW -m recent \
    --update --seconds 180 --hitcount 4 --rttl --name SSH -j LOG \
    --log-prefix "SSH_brute_force "
iptables -A INCOMING -p tcp --dport 22 -m state --state NEW -m recent \
    --update --seconds 180 --hitcount 4 --rttl --name SSH -j DROP
server ssh accept

-- Max
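Added illustration (not part of the post, of FireHOL, or of the ipt_recent kernel code): a small Python model of the recent match's --set / --update --seconds --hitcount --rttl behaviour, run over the three-rule chain above in both forms. It shows why the blog's version with -j ACCEPT on the --set rule never reaches the LOG and DROP rules, and what the corrected order does with a burst of NEW connections. The addresses, timestamps and TTLs are constructed; the 20-stamp limit mirrors the module's ip_pkt_list_tot default and the --rttl check is simplified to a TTL-equality test on the stored entry.

```python
"""Toy model of iptables' recent match, comparing the two SSH rule orders.

Constructed simulation only: it reproduces enough of --set / --update
--seconds --hitcount --rttl to show chain evaluation, not the kernel code.
"""
from collections import deque

PKT_LIST_TOT = 20  # ip_pkt_list_tot default: timestamps kept per address


class RecentList:
    """One named list, e.g. --name SSH."""

    def __init__(self):
        self.entries = {}  # src -> {"stamps": deque, "ttl": int}

    def set(self, src, ttl, now):
        """--set: record the packet's timestamp and always match."""
        e = self.entries.setdefault(
            src, {"stamps": deque(maxlen=PKT_LIST_TOT), "ttl": ttl})
        e["stamps"].append(now)
        e["ttl"] = ttl
        return True

    def update(self, src, ttl, now, seconds, hitcount, rttl):
        """--update: match when src has >= hitcount stamps within the last
        `seconds`; a match also refreshes the address's timestamp."""
        e = self.entries.get(src)
        if e is None:
            return False
        if rttl and e["ttl"] != ttl:  # --rttl, simplified: TTL must match the entry
            return False
        cutoff = now - seconds
        hits = sum(1 for t in e["stamps"] if t >= cutoff)
        if hits < hitcount:
            return False
        e["stamps"].append(now)  # --update refreshes the entry on a match
        return True


def build_chain(accept_after_set):
    """The three rules from the post. accept_after_set=True reproduces the
    blog's version with -j ACCEPT on the --set rule; False is the fix."""
    return [
        ("set", "ACCEPT" if accept_after_set else None),
        ("update", "LOG"),
        ("update", "DROP"),
    ]


def run(chain, attempts, seconds=180, hitcount=4, rttl=True):
    """Feed (time, src, ttl) NEW SYN packets through the chain.

    Returns a list of (time, verdict, logged). The final policy is ACCEPT,
    standing in for FireHOL's `server ssh accept` rule after the chain."""
    recent = RecentList()
    verdicts = []
    for now, src, ttl in attempts:
        verdict, logged = "ACCEPT", False
        for match, target in chain:
            if match == "set":
                hit = recent.set(src, ttl, now)
            else:
                hit = recent.update(src, ttl, now, seconds, hitcount, rttl)
            if not hit or target is None:
                continue  # no match, or a rule with no target: keep going
            if target == "LOG":
                logged = True  # LOG is non-terminating; evaluation continues
                continue
            verdict = target  # ACCEPT / DROP end evaluation
            break
        verdicts.append((now, verdict, logged))
    return verdicts


# Constructed traffic: one source hammering port 22, one normal user, then the
# attacker again after the 180 s window has expired.
ATTACKER, USER = "198.51.100.7", "203.0.113.5"
ATTEMPTS = [(0, ATTACKER, 64), (10, ATTACKER, 64), (15, USER, 57),
            (20, ATTACKER, 64), (30, ATTACKER, 64), (40, ATTACKER, 64),
            (400, ATTACKER, 64)]


def verdicts_for(accept_after_set):
    """Verdict strings only, for easy comparison of the two chain orders."""
    return [v for _, v, _ in run(build_chain(accept_after_set), ATTEMPTS)]


if __name__ == "__main__":
    for label, buggy in (("blog (-j ACCEPT on --set)", True), ("fixed", False)):
        print(label)
        for now, verdict, logged in run(build_chain(buggy), ATTEMPTS):
            print(f"  t={now:4d}s {verdict:6s} {'logged' if logged else ''}")
```

With the --set rule terminating in ACCEPT, every packet is accepted by rule one and the counters are never consulted; with the target removed, the fourth NEW connection within 180 seconds is logged and dropped, repeated attempts keep refreshing the entry, and the address is admitted again once it has been quiet for the full window.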
