Hello,
In /etc/sysconfig/scripts/SuSEfirewall2-custom I have the following...
iptables -A INPUT -p tcp --syn --dport 22 -i eth0 -m recent --name
sshattack --set
iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60
--hitcount 5 -j LOG --log-prefix 'SSH attack: '
iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60
--hitcount 5 -j DROP
iptables -A INPUT -p tcp --syn --dport 20:21 -i eth0 -m recent --name
ftpattack --set
iptables -A INPUT -p udp --dport 20:21 -i eth0 -m recent --name ftpattack --set
iptables -A INPUT -m recent --name ftpattack --rcheck --seconds 60
--hitcount 5 -j LOG --log-prefix 'FTP attack: '
iptables -A INPUT -m recent --name ftpattack --rcheck --seconds 60
--hitcount 5 -j DROP
The ssh works but the ftp does not. Shouldn't they both work. What am I
doing wrong? I need to get something similar working as I am having ftp
attacks on my systems.
Thanks,
--
Boyd Gerber