Ron Joffe wrote:
On Monday 10 March 2008 11:37, Otto Rodusek (AP-SGP) wrote:
Hi,
I'm a bit confused with Susefirewall. I have had a number of robot attacks against sshd so I set the following rule in SuSefirewall to limit the number of allowable sshd logins per 60 second period:
Otto,
I recommend looking at denyhosts for this function.
Ron
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org
Hi Ron,

Thanks for the reply. I'm very familiar with both denyhosts and fail2ban and indeed use a variant of it. I am more interested in knowing why iptables doesn't behave the way it's supposed to though. From the Susefirewall script docs, if you set as per below it is supposed to limit the number of sshd logins to only 3 per 60 seconds interval, but from the log this obviously isn't so and I'm curious to know what needs to be done in order for iptables to behave as advertised.

Again, thanks for the advice and help.

Rgds. Otto.

BTW: my os is OpenSuse 10.3 x86_64 (don't think this should make a diff tho)!!

## Type: string
## Default: 0/0,tcp,113
#
# Services to allow. This is a more generic form of FW_SERVICES_{IP,UDP,TCP}
# and more specific than FW_TRUSTED_NETS
#
# Format: space separated list of net,protocol[,dport][,sport]
# Example: "0/0,tcp,22"
#
# Supported flags are
#   hitcount=NUMBER : ipt_recent --hitcount parameter
#   blockseconds=NUMBER : ipt_recent --seconds parameter
#   recentname=NAME : ipt_recent --name parameter
# Example:
#   Allow max three ssh connects per minute from the same IP address:
#   "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
#
# The special value _rpc_ is recognized as protocol and means that dport is
# interpreted as rpc service name. See FW_SERVICES_EXT_RPC for
# details.
#
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
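An added example, not part of the original thread and not SuSEfirewall2's own code: it parses the FW_SERVICES_ACCEPT_EXT entry format quoted above and replays the ipt_recent window it describes over a constructed list of new connections. It assumes the entry expands to the usual recent-match pair (`--update --seconds --hitcount` leading to DROP, then `--set` leading to ACCEPT); the function names and sample addresses are hypothetical. The match counts new TCP connections per source address, not authentication attempts inside a connection.

```python
from collections import defaultdict

def parse_entry(entry):
    """Split one 'net,protocol[,dport][,sport][,flag=value...]' entry."""
    fields = entry.split(",")
    names = ("net", "proto", "dport", "sport")
    rule = {n: (fields[i] if i < len(fields) and fields[i] else None)
            for i, n in enumerate(names)}
    # Everything after the fourth field is a key=value flag.
    rule["flags"] = dict(f.split("=", 1) for f in fields[4:] if "=" in f)
    return rule

def simulate(rule, connections):
    """Replay (timestamp_seconds, source_ip) pairs, one per NEW connection.

    Assumed rule pair: a source with >= hitcount stamps inside the last
    blockseconds is dropped and its stamp list refreshed (--update);
    otherwise the connection is recorded (--set) and accepted.
    """
    hitcount = int(rule["flags"]["hitcount"])
    window = int(rule["flags"]["blockseconds"])
    stamps = defaultdict(list)
    verdicts = []
    for ts, src in connections:
        recent = [s for s in stamps[src] if ts - s <= window]
        verdict = "DROP" if len(recent) >= hitcount else "ACCEPT"
        stamps[src].append(ts)  # both --set and a matching --update add a stamp
        verdicts.append(verdict)
    return verdicts

# Constructed sample: one noisy source and one ordinary client.
SAMPLE = [(0, "192.0.2.10"), (5, "192.0.2.10"), (10, "192.0.2.10"),
          (12, "198.51.100.7"), (15, "192.0.2.10"), (20, "192.0.2.10"),
          (70, "192.0.2.10"), (85, "192.0.2.10")]

RULE = parse_entry("0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh")

if __name__ == "__main__":
    for (ts, src), verdict in zip(SAMPLE, simulate(RULE, SAMPLE)):
        print(f"t={ts:>3}s {src:<13} {verdict}")
```

The connection at t=70s is still dropped because the dropped attempts at 15s and 20s refreshed the list, so a source that keeps retrying keeps itself blocked.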