[Firehol-support] Re: Integrating ipt_recent with FireHOL
Carlos Rodrigues
carlos.efr at mail.telepac.pt
Sat Nov 12 05:59:57 CET 2005
Redeeman wrote:
> unless ofcourse policy accept is there, then it should still work right?
Yes, if the policy is set to accept, then this will have no effect.
> and, how come its "4 (5-1)"
Well, I guess it is just to follow the same rule that the ipt_recent
module uses, it means "act on the 5th connection". So, the attacker will
open 4 connections within 30 seconds, and the 5th will fail.
> and finally, this is on a per-ip basis right? so that if some idiot
> attacks my sshd i will still be able to connect to it, right?
Yes, this works just like the piece of code I sent on the other post,
annoying clients are blocked (and only them).
>>You can disable SECONDS or HITS by giving an empty argument:
>>
>>server smtp accept with recent SMTP "" 5
>>
>>or
>>
>>server smtp accept with recent SMTP 30 ""
>
> i dont understand, what would this accomplish?
As I understand it, it means "accept the defaults". Of course, I don't
know what the defaults are, so it may not work... ;)
--
Carlos Rodrigues
More information about the Firehol-support
mailing list