[Firehol-support] Re: ipt_recent support?

Max Kutny mkutny at gmail.com
Mon Mar 14 13:26:36 GMT 2005


On Mon, 14 Mar 2005 16:46:49 +1100, Daniel Pittman <daniel at rimspace.net> wrote:
> On 14 Mar 2005, Chris AtLee wrote:
> > I just saw a blog post talking about the ipt_recent module:
> > http://blog.andrew.net.au/2005/02/17#ipt_recent_and_ssh_attacks
> >
> > Would it make sense to add support for this to firehol?
> 
> I have been intending to implement this for a few days now, since I
> needed to deploy something to limit service-denying attacks against
> client machines of mine, and ipt_recent was suitable.

It appears that there is a bug in the second example. The first line
should go to the last position, so it should look like:

iptables -A INCOMING -p tcp --dport 22 -m state --state NEW -m recent \
    --update --seconds 180 --hitcount 3 --rttl --name SSH -j LOG \
    --log-prefix "SSH_brute_force "

iptables -A INCOMING -p tcp --dport 22 -m state --state NEW -m recent \
    --update --seconds 180 --hitcount 3 --rttl --name SSH -j DROP

iptables -A INCOMING -p tcp --dport 22 -m state --state NEW -m recent \
    --set --name SSH -j ACCEPT

-- Max
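Added example (not from Max's post or the blog it cites): a small Python model of the iptables recent match, using the --seconds 180 / --hitcount 3 values above, that pushes a burst of NEW connections from one constructed source through the three rules in Max's order and, for comparison, with the --set rule placed first. It assumes the xt_recent semantics (--set records a hit and creates the entry; --update matches only when the source already has hitcount hits inside the window and then records another hit), that the set-first variant carries no jump target so the packet falls through, and it does not model --rttl.

```python
from collections import defaultdict

SECONDS, HITCOUNT = 180, 3   # the --seconds / --hitcount values in Max's rules


class RecentTable:
    """One named 'recent' list (here 'SSH'): per-source hit timestamps."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def set(self, src, now):
        """--set: record a hit for src (creates the entry); always matches."""
        self.stamps[src].append(now)
        return True

    def update(self, src, now, seconds=SECONDS, hitcount=HITCOUNT):
        """--update --seconds --hitcount: match only if src already has
        hitcount hits inside the window; on a match record this hit too."""
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= seconds)
        if hits < hitcount:
            return False
        self.stamps[src].append(now)
        return True


def chain(table, src, now, set_first=False):
    """Run one NEW SSH packet through the three rules; return the verdict.
    set_first=True models the ordering Max calls buggy: the --set rule at
    the top (assumed to carry no -j target, so the packet falls through)."""
    if set_first:
        table.set(src, now)
    table.update(src, now)            # -j LOG is non-terminating; it still counts a hit
    if table.update(src, now):
        return "DROP"
    if not set_first:
        table.set(src, now)           # --set --name SSH -j ACCEPT
    return "ACCEPT"


def simulate(times, set_first=False, src="192.0.2.10"):
    """Verdicts for NEW connections from one constructed source at the
    given times (seconds)."""
    table = RecentTable()
    return [chain(table, src, t, set_first) for t in times]


if __name__ == "__main__":
    burst = [0, 10, 20, 30, 40, 250]  # five quick attempts, then one after the window
    print("set last (Max's order):", simulate(burst))
    print("set first             :", simulate(burst, set_first=True))
```

With the --set rule last, a source gets three new connections inside the 180 s window before the fourth is logged and dropped, and is admitted again once its hits have aged out; with --set first, the third attempt is already dropped, because the packet's own hit is counted before --update checks the threshold.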
