Mailinglist Archive: opensuse-security (26 mails)
Re: [opensuse-security] Howto restrict number of sshd sessions per minute
- From: Ludwig Nussel <ludwig.nussel@xxxxxxx>
- Date: Tue, 15 Jun 2010 16:03:02 +0200
- Message-id: <201006151603.03019.ludwig.nussel@xxxxxxx>
Otto Rodusek wrote:
> Yep, I did all the checks and mods that others recommended. The only
> reference to ssh or port 22 (/etc/sysconfig/SuSEfirewall2) is the
> following line:
> FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=5,blockseconds=60,recentname=ssh"
> so I'm pretty sure I got any precedence rules eliminated. So I still
> can't get iptables to play properly. Trying to restrict the number of
> ssh attempts per minute just doesn't seem to work with iptables. Oh
> well, hopefully I'll get this answered/solved some day...*sigh* !!
Works fine here on 11.2
$ while netcat -w 1 myhost 22 < /dev/null ; do :; done
SSH-2.0-OpenSSH_5.2
SSH-2.0-OpenSSH_5.2
SSH-2.0-OpenSSH_5.2
SSH-2.0-OpenSSH_5.2
SSH-2.0-OpenSSH_5.2
$
Sometimes it helps to use e.g. 'watch' to see which rules trigger:
$ watch -d sudo iptables -vnL input_ext
Also try starting from scratch¹ and only modify FW_SERVICES_ACCEPT_EXT.
cu
Ludwig
[1] cp /var/adm/fillup-templates/sysconfig.SuSEfirewall2 /etc/sysconfig/SuSEfirewall2
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
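
Added example, not part of the original mail or of SuSEfirewall2: a shell check for the FW_SERVICES_ACCEPT_EXT entry format discussed in this thread. It assumes the field layout `net,protocol[,dport[,sport[,flags]]]` and the flag names hitcount, blockseconds and recentname as described in the sysconfig template comments; `check_accept_entry` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: sanity-check one FW_SERVICES_ACCEPT_EXT entry.
# Assumed field layout (from the SuSEfirewall2 sysconfig template comments):
#   net,protocol[,dport[,sport[,flags]]]
# with flags hitcount=N, blockseconds=N, recentname=NAME.
# The function body is a subshell, so IFS and variables stay local.
check_accept_entry() (
    IFS=,
    set -f              # no globbing while splitting
    set -- $1           # split on commas; ",," yields an empty field
    if [ $# -lt 2 ]; then
        echo "error: need at least net,protocol"; exit 1
    fi
    net=$1 proto=$2 dport=${3:-} sport=${4:-}
    # Flags only count from field 5 on. Without the empty sport field
    # ("22,hitcount=5") the flag lands in the source-port position.
    for f in "$dport" "$sport"; do
        case $f in
            *=*) echo "error: flag '$f' in a port field; flags start at field 5"; exit 1 ;;
        esac
    done
    if [ $# -gt 4 ]; then shift 4; else shift $#; fi
    hitcount=- blockseconds=- recentname=-
    for flag in "$@"; do
        val=${flag#*=}
        case $flag in
            hitcount=*|blockseconds=*)
                case $val in
                    ''|*[!0-9]*) echo "error: '$flag' needs a number"; exit 1 ;;
                esac
                case $flag in
                    hitcount=*) hitcount=$val ;;
                    *) blockseconds=$val ;;
                esac ;;
            recentname=?*) recentname=$val ;;
            *) echo "error: unknown flag '$flag'"; exit 1 ;;
        esac
    done
    echo "ok net=$net proto=$proto dport=$dport hitcount=$hitcount blockseconds=$blockseconds recentname=$recentname"
)

# The entry quoted in the thread, then a constructed variant that omits
# the empty sport field.
check_accept_entry "0/0,tcp,22,,hitcount=5,blockseconds=60,recentname=ssh"
check_accept_entry "0/0,tcp,22,hitcount=5,blockseconds=60,recentname=ssh" || true
```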