Volker Kuhlmann wrote:
On Sun 30 Mar 2008 03:39:11 NZDT +1300, Per Jessen wrote:
If you're on a LAN, you don't really need a firewall, do you?
You're doing my trick: post well after bedtime.
Hehe, you're right.
I don't use the openSUSE firewall
That's where your problem starts getting big quickly.
Not at all. I've had my own firewall setup from way before one was introduced into SUSE Linux, and I saw/see no reason why I should switch.
, but setting up a rate-check is only 3 iptables entries.
iptables -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack --update --seconds 60 --hitcount 6 -j LOG --log-prefix 'SSH attack: ' iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack --update --seconds 60 --hitcount 6 -j REJECT
You can't be seriously suggesting a non-tech user of opensuse employ this method. I am somewhat technically capable, but not stupid enough to roll my own iptables when SuSEfirewall2 does the trick (and with yast support and very good system integration), so the above will have to be integrated.
Yes, that is exactly what I am suggesting. /Per Jessen, Zürich --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org