[Firehol-support] Re: ipt_recent support?

Max Kutny mkutny at gmail.com
Mon Mar 14 17:34:18 CET 2005


On Mon, 14 Mar 2005 09:00:51 -0500, Chris AtLee <catlee at sidefx.com> wrote:
> On Mon, 2005-14-03 at 16:46 +1100, Daniel Pittman wrote:
> > On 14 Mar 2005, Chris AtLee wrote:
> > > I just saw a blog post talking about the ipt_recent module:
> > > http://blog.andrew.net.au/2005/02/17#ipt_recent_and_ssh_attacks
> > >
> > > Would it make sense to add support for this to firehol?
> >
> > I would be interested to know what, if any, thoughts others have on a
> > way to express the use of ipt_recent matches in firehol.
> 
> My initial thoughts were to simply create some global variables to set
> how long IP addresses remained in the recent tables.  ipt_recent's
> author's website suggests adding IPs to the recent table whenever you
> DROP a packet:

Probably, this is not what you want. With this dangerous approach you
may even block your router in case you drop any unnecessary (e.g.
broadcast) packets from it.

-- Max
