[Firehol-support] Re: Integrating ipt_recent with FireHOL
Carlos Rodrigues
carlos.efr at mail.telepac.pt
Sat Nov 12 04:59:57 GMT 2005
Redeeman wrote:
> unless of course policy accept is there, then it should still work right?

Yes, if the policy is set to accept, then this will have no effect.

> and, how come it's "4 (5-1)"

Well, I guess it is just to follow the same rule that the ipt_recent
module uses, it means "act on the 5th connection". So, the attacker will
open 4 connections within 30 seconds, and the 5th will fail.

> and finally, this is on a per-ip basis right? so that if some idiot
> attacks my sshd I will still be able to connect to it, right?

Yes, this works just like the piece of code I sent on the other post,
annoying clients are blocked (and only them).

>>You can disable SECONDS or HITS by giving an empty argument:
>>
>>server smtp accept with recent SMTP "" 5
>>
>>or
>>
>>server smtp accept with recent SMTP 30 ""
>
> I don't understand, what would this accomplish?

As I understand it, it means "accept the defaults". Of course, I don't
know what the defaults are, so it may not work... ;)

--
Carlos Rodrigues
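
The per-source counting discussed in this message ("act on the 5th connection" within 30 seconds, other clients unaffected), as an added example that is not part of the original post and is not FireHOL or ipt_recent code. It is a simplified model: the `RecentTable` class, the `replay` helper and the addresses are constructed for illustration, and it assumes each new connection is recorded before the threshold check, so refused attempts also count.

```python
from collections import defaultdict


class RecentTable:
    """Simplified model of one named recent list (e.g. "SMTP"), keyed by source IP."""

    def __init__(self, seconds=30, hits=5):
        self.seconds = seconds          # length of the sliding window
        self.hits = hits                # act on this connection number
        self.seen = defaultdict(list)   # source IP -> timestamps of new connections

    def new_connection(self, src_ip, now):
        """Return "ACCEPT" or "DROP" for a new connection from src_ip at time now."""
        stamps = self.seen[src_ip]
        stamps.append(now)              # assumption: record first, then check
        # Keep only the attempts still inside the window, this one included.
        in_window = [t for t in stamps if now - t < self.seconds]
        self.seen[src_ip] = in_window
        return "DROP" if len(in_window) >= self.hits else "ACCEPT"


def replay(events, seconds=30, hits=5):
    """Run (time, source IP) events through one table and return the verdicts."""
    table = RecentTable(seconds, hits)
    return [(t, ip, table.new_connection(ip, t)) for t, ip in events]


# Constructed sample traffic (documentation address ranges).
NOISY = "192.0.2.10"
QUIET = "198.51.100.7"
SAMPLE_EVENTS = [
    (0, NOISY), (5, NOISY), (10, NOISY), (15, NOISY),  # connections 1-4
    (20, NOISY),   # 5th within 30 seconds
    (21, QUIET),   # a different source has its own counter
    (25, NOISY),   # still inside the window, still refused
    (60, NOISY),   # earlier attempts have aged out of the window
]

if __name__ == "__main__":
    for t, ip, verdict in replay(SAMPLE_EVENTS):
        print(f"t={t:>3}s  {ip:<13} {verdict}")
```
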