Carlos E. R. wrote:
Another idea: use the "recent" module of iptables to automatically block repeated "polls". There was a brief thread in the security list time ago. I just re-read your post and decided it looks interesting. I want to give it a try
I I use this in SuSEfirewall2-custom, function fw_custom_before_antispoofing(): before your post, I didn't even know of the existence of this file.
On the sixth attempt to connect to port 22 within 60 seconds, that IP is rejected. It is simple to modify. Don't ask me much about it, I'm no expert on iptables ;-) That's ok, I barely understand it. I am looking at the SuSEfirewall2-custom file and am a little confused. The text at the top says there is no help and I can accept that. I suppose I just plug in custom rules in the places where I want them to happen. The last item in each section is "true". Is this always there regardless whether I have custom rules in that section? should it always be true?
Damon Register