On Sat, Nov 22, 2008 at 4:49 PM, Bob Williams
On Saturday 22 November 2008 08:43:14 Carlos E. R. wrote:
On Saturday, 2008-11-22 at 00:52 -0600, David C. Rankin wrote:
What is that automated Block??? package that updates your hosts.deny file if you have x attempts in y minutes from an IP?
You can use the automated block mechanism included in susefirewall. Simply activate it.
-- Cheers, Carlos E. R.
Carlos, can you give chapter & verse on where to find the automated block mechanism, please? It's early morning and I'm not feeling very clever :(
I've also been getting the attacks that David describes, mostly from addresses in China, but once from Brazil. But maybe they've been spoofed?
Bob
These lines are taken from /etc/sysconfig/SuSEfirewall2:

## Type: string
## Default:
#
# Services to allow. This is a more generic form of FW_SERVICES_{IP,UDP,TCP}
# and more specific than FW_TRUSTED_NETS
#
# Format: space separated list of net,protocol[,dport[,sport[,flags]]]
# Example: "0/0,tcp,22"
#
# Supported flags are
#   hitcount=NUMBER     : ipt_recent --hitcount parameter
#   blockseconds=NUMBER : ipt_recent --seconds parameter
#   recentname=NAME     : ipt_recent --name parameter
# Example:
#   Allow max three ssh connects per minute from the same IP address:
#     "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
#
# The special value _rpc_ is recognized as protocol and means that dport is
# interpreted as rpc service name. See FW_SERVICES_EXT_RPC for
# details.
#
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"

medwinz
--
Yogi Berra - "I never said most of the things I said."
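A way to check an existing FW_SERVICES_ACCEPT_EXT value against the format quoted above, as an added example that is not part of the original thread or of SuSEfirewall2 itself. The function names, the sample text and the rule that a rate-limited entry needs both hitcount and blockseconds are assumptions of this sketch.

```python
import re

KNOWN_FLAGS = {"hitcount", "blockseconds", "recentname"}  # flags named in the file's comments

# Constructed sample of /etc/sysconfig/SuSEfirewall2 content (second entry is made up).
SAMPLE = '''# Example: "0/0,tcp,22"
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh 10.0.0.0/8,tcp,22"
'''

def read_setting(text, name="FW_SERVICES_ACCEPT_EXT"):
    """Return the value of the last uncommented NAME="..." line, or ""."""
    found = re.findall(rf'^{re.escape(name)}="([^"]*)"', text, re.M)
    return found[-1] if found else ""

def parse_entry(entry):
    """Parse one net,protocol[,dport[,sport[,flags]]] entry into a dict."""
    parts = entry.split(",")
    if len(parts) < 2 or not parts[0] or not parts[1]:
        raise ValueError(f"need at least net,protocol: {entry!r}")
    parts += [""] * (4 - len(parts))          # pad optional dport/sport
    rule = {"net": parts[0], "protocol": parts[1],
            "dport": parts[2], "sport": parts[3], "flags": {}}
    for flag in parts[4:]:
        key, sep, value = flag.partition("=")
        if key not in KNOWN_FLAGS or not sep or not value:
            raise ValueError(f"unsupported flag {flag!r} in {entry!r}")
        if key != "recentname" and not value.isdigit():
            raise ValueError(f"{key} must be a number in {entry!r}")
        rule["flags"][key] = value
    return rule

def audit(value, watched_ports=("22",)):
    """Return entries that open a watched TCP port without both rate-limit flags."""
    findings = []
    for entry in value.split():               # entries are space separated
        rule = parse_entry(entry)
        limited = {"hitcount", "blockseconds"} <= rule["flags"].keys()
        if rule["protocol"] == "tcp" and rule["dport"] in watched_ports and not limited:
            findings.append(entry)
    return findings

if __name__ == "__main__":
    for entry in audit(read_setting(SAMPLE)):
        print("no rate limit:", entry)
```
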