[Firehol-support] Re: Integrating ipt_recent with FireHOL

Redeeman redeeman at metanurb.dk
Thu Nov 10 20:43:02 GMT 2005


On Thu, 2005-11-10 at 02:34 +0000, Carlos Rodrigues wrote:
> Harry Sufehmi wrote:
> > Can anyone give any clue regarding this? I'd be interested to utilize 
> > this as well. My server (and I believe many others) have been subjected 
> > to these brute-force attacks too.
> 
> My point was more about integrating this into the "FireHOL language" 
> than being able to do this from within firehol.conf, which is already 
> possible using the "iptables" helper (which acts just like an alias for 
> "/sbin/iptables").
> 
> So, you can add the following block of code to your firehol.conf, 
> somewhere before any "interface" or "router" blocks:
> 
> #--8<---------------------
> 
> # Block any address who tries to connect more than three times within
> # 30 seconds. Unblock after it stops trying to connect for 30 seconds.
> 
> iptables -N block_abusers
> iptables -A block_abusers -p tcp --dport ssh -m recent --set --name SSH
> iptables -A block_abusers -p tcp --dport ssh -m recent \
> 	 --update --seconds 30 --hitcount 4 --name SSH -j DROP
> 
> # Filter traffic coming in to this machine
> iptables -I INPUT 1 -i eth0 -m state --state NEW -j block_abusers
> 
> # Filter traffic passing through this machine
> iptables -I FORWARD 1 -i eth0 -m state --state NEW -j block_abusers
> 
> #--8<---------------------
> 
Wow, this is very cool.

It would rock if this was integrated into FireHOL.

> The jump to chain "block_abusers" is added as the first rule in the 
> INPUT and FORWARD chains, to avoid being affected or interfering with 
> FireHOL-generated rules.
> 
> You may want to REJECT abusers instead of DROPing them while testing.
> 
> Carlos Rodrigues
> 
> 
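As an added illustration (not code from this thread, from FireHOL, or from the kernel), the following Python models the `-m recent --set` / `--update --seconds --hitcount` logic the block_abusers chain relies on, so the "block after the fourth attempt, unblock after 30 quiet seconds" behaviour can be checked against a sequence of NEW connections. Source addresses and timings are constructed sample values; the 20-stamps-per-address limit is the xt_recent default.

```python
"""Model of the xt_recent --set / --update semantics used by the
block_abusers chain above.  Times are in seconds."""
from collections import defaultdict, deque

IP_PKT_LIST_TOT = 20   # hit timestamps kept per address (xt_recent default)


class RecentList:
    """One named list (e.g. --name SSH): a ring of hit times per address."""

    def __init__(self):
        self._stamps = defaultdict(lambda: deque(maxlen=IP_PKT_LIST_TOT))

    def set(self, addr, now):
        # "--set": create or refresh the entry and record one hit.
        self._stamps[addr].append(now)

    def update(self, addr, now, seconds, hitcount):
        # "--update --seconds S --hitcount N": match when the address has at
        # least N hits in the last S seconds.  A match records another hit,
        # so a sender that keeps retrying stays blocked until it is quiet
        # for S seconds.
        if addr not in self._stamps:
            return False
        hits = sum(1 for t in self._stamps[addr] if t >= now - seconds)
        if hits >= hitcount:
            self._stamps[addr].append(now)
            return True
        return False


def block_abusers(conns, seconds=30, hitcount=4):
    """Run NEW connections [(time, src)] through the posted chain: rule 1 is
    --set, rule 2 is --update ... -j DROP.  Returns one verdict per
    connection: 'DROP', or 'RETURN' (falls through to FireHOL's rules)."""
    ssh = RecentList()
    verdicts = []
    for now, src in sorted(conns):
        ssh.set(src, now)
        dropped = ssh.update(src, now, seconds, hitcount)
        verdicts.append("DROP" if dropped else "RETURN")
    return verdicts


# Constructed sample: one host hammering the port, one connecting normally.
SAMPLE = [(0, "10.0.0.5"), (5, "10.0.0.5"), (10, "10.0.0.5"), (15, "10.0.0.5"),
          (20, "10.0.0.5"), (40, "10.0.0.5"), (71, "10.0.0.5"),
          (1, "192.0.2.10"), (100, "192.0.2.10")]

if __name__ == "__main__":
    for (t, src), v in zip(sorted(SAMPLE), block_abusers(SAMPLE)):
        print(f"t={t:3d} {src:12} {v}")
```

The fourth attempt from 10.0.0.5 at t=15 is the first one dropped; the retry at t=40 is still dropped because the attempts at t=10..20 are inside its 30-second window, and only the attempt at t=71, after more than 30 quiet seconds, gets through again.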
