On Sun, 16 Nov 2014 11:37:25 +0800, Otto Rodusek wrote:
Hi ListMates,
I have a large number of attacks on my customer's ports (10022, 5901, 5904) running OpenSuse 13.1 x64.
Basically I would like the firewall to allow no more than 5 attempts per 60 second period (or 1 attempt per 12 seconds), after which I would like the firewall to PERMANENTLY LOCK out the attempting IP. I'm not sure whether this can be done via the SuseFirewall or whether I need to write a script to do it.
I have tried a couple of methods with the following script BUT I still get several (thousands of) attempts in my firewall logs.
But are those connection requests dropped? I.e. your question is about your rules that do not work or about how to prevent these dropped connection attempts from being logged?
Any suggestions?
Thanks and best regards. Otto.
---------Start of bash script-----------
#!/bin/bash
##### command to use
IPT=/usr/sbin/iptables
##### window length in seconds (was SECONDS, but bash reserves that name as a running timer, so it would not stay at 60)
WINDOW=60
##### Max connections per IP within the window
BLOCKCOUNT=5
##### default action can be DROP or REJECT
DACTION="DROP"
##### default port to monitor (if not input)
PORT=10022
if [ $# = 1 ]; then
    PORT=$1
fi
##### method 1: record every NEW connection, then apply DACTION once a source has made BLOCKCOUNT of them within WINDOW seconds
$IPT -A INPUT -p tcp --dport ${PORT} -m state --state NEW -m recent --set --name rule${PORT}
$IPT -A INPUT -p tcp --dport ${PORT} -m state --state NEW -m recent --update --name rule${PORT} \
    --seconds ${WINDOW} --hitcount ${BLOCKCOUNT} -j ${DACTION}
##### method 2 (disabled): same check with --rcheck on the default list and a REJECT instead of DACTION
#$IPT -A INPUT -p tcp --dport ${PORT} -m state --state NEW -m recent --set
#
#$IPT -A INPUT -p tcp --dport ${PORT} -m state --state NEW -m recent --rcheck \
#    --seconds ${WINDOW} --hitcount ${BLOCKCOUNT} -j REJECT --reject-with icmp-port-unreachable
---------End of bash script-----------
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
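One way to get both halves of what the post asks for, a 5-per-60-second limit and a lockout that outlives the window, as an added example that is not part of the thread; the chain and list names, the log prefix and the IPT=echo dry run are assumptions of this example:

```shell
#!/bin/bash
# Added example, not from the thread. One chain per port: at most $HITS NEW
# connections per $WINDOW seconds from one source, after which the source goes
# on a "banned" recent list that is checked WITHOUT --seconds, so the entry
# keeps matching until it is removed (echo -<ip> >/proc/net/xt_recent/banned)
# or the xt_recent module is reloaded. Only the moment of banning is logged;
# later attempts from a banned source are dropped silently, which keeps the
# firewall log readable.
# Assumptions (not on the page): chain/list names, log prefix, IPT=echo dry run.
IPT=${IPT:-/usr/sbin/iptables}
WINDOW=60      # seconds; not "SECONDS", which bash reserves as a running timer
HITS=5         # NEW connections per $WINDOW allowed before the source is banned
BANLIST=banned # xt_recent list; default capacity is 100 addresses (ip_list_tot)

ratelimit_port() {
    port=$1
    chain="ratelimit_$port"
    "$IPT" -N "$chain"
    "$IPT" -N "ban_$port"
    # ban chain: put the source on the ban list (--set always matches), log once, drop
    "$IPT" -A "ban_$port" -m recent --set --name "$BANLIST"
    "$IPT" -A "ban_$port" -j LOG --log-prefix "BANNED:$port " --log-level 4
    "$IPT" -A "ban_$port" -j DROP
    # 1. already banned: drop without logging, however old the entry is (no --seconds)
    "$IPT" -A "$chain" -m recent --rcheck --name "$BANLIST" -j DROP
    # 2. record this attempt on the per-port counter list
    "$IPT" -A "$chain" -m recent --set --name "rule$port"
    # 3. over the limit inside the window: hand the source to the ban chain
    "$IPT" -A "$chain" -m recent --update --seconds "$WINDOW" --hitcount "$HITS" \
        --name "rule$port" -j "ban_$port"
    # Insert the jump at position 1: with -A it would sit behind any earlier
    # ACCEPT for the port and never be reached.
    "$IPT" -I INPUT 1 -p tcp --dport "$port" -m state --state NEW -j "$chain"
}

# Usage: ./ratelimit.sh 10022   (IPT=echo ./ratelimit.sh 10022 prints the rules only)
if [ $# -ge 1 ]; then
    ratelimit_port "$1"
fi
```

Beyond a hundred or so banned addresses the fixed xt_recent list size starts evicting the oldest entries, so for a long-lived ban list an ipset set is the better home.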