Mailinglist Archive: opensuse (1620 mails)

Re: [opensuse] Susefirewall limit connections
On Sun, 16 Nov 2014 11:37:25 +0800,
Otto Rodusek <otto@xxxxxxxxxxxxxx> wrote:

Hi ListMates,

I have a large number of attacks on my customer's ports (10022, 5901,
5904) running openSUSE 13.1 x64.

Basically I would like the firewall to allow no more than 5 attempts per
60 second period (or 1 attempt per 12 seconds), after which I would like
the firewall to PERMANENTLY LOCK out the attempting IP. I'm not sure
whether this can be done via the SuSEfirewall or whether I need to write
a script to do it.

I have tried a couple of methods with the following script BUT I still get
several (thousands of) attempts in my firewall logs.


But are those connection requests dropped? I.e., is your question about
rules that do not work, or about how to prevent these dropped connection
attempts from being logged?

Any suggestions?

Thanks and best regards. Otto.

---------Start of bash script-----------
#!/bin/bash

#####command to use
IPT=/usr/sbin/iptables

#####sliding window in seconds
#####(SECONDS is a bash built-in that keeps counting up after it is assigned,
#####so the window is kept in a variable of its own)
WINDOW=60

#####Max new connections per IP inside the window
BLOCKCOUNT=5

#####default action can be DROP or REJECT
DACTION="DROP"

#####default port to monitor (if not input)
PORT=10022

if [ $# = 1 ]
then
    PORT=$1
fi

#####method 1: record every NEW connection, then drop the source once it has
#####BLOCKCOUNT hits inside WINDOW seconds
$IPT -A INPUT -p tcp --dport ${PORT} -m state --state NEW -m recent \
    --set --name rule${PORT}
$IPT -A INPUT -p tcp --dport ${PORT} -m state --state NEW -m recent \
    --update --name rule${PORT} \
    --seconds ${WINDOW} --hitcount ${BLOCKCOUNT} -j ${DACTION}

#####method 2 (disabled): same idea with --rcheck and an ICMP reject
#$IPT -A INPUT -p tcp --dport ${PORT} -m state --state NEW -m recent --set
#
#$IPT -A INPUT -p tcp --dport ${PORT} -m state --state NEW -m recent \
#    --rcheck \
#    --seconds ${WINDOW} --hitcount ${BLOCKCOUNT} -j REJECT \
#    --reject-with icmp-port-unreachable

---------End of bash script-----------
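The permanent lock-out asked for in the quoted message, as an added example that is not part of Otto's script or of this thread: it keeps the same "recent" window rule and adds a second recent list that records every source that trips the threshold, with a rule in front that drops anything already on that list. Assumed: Linux with the xt_recent module and iptables in /usr/sbin, run as root to apply; the list names watch<port> and ban<port> and the function name lockout_rules are this example's own. Setting IPT=echo prints the rules instead of applying them.

```bash
#!/bin/bash
# Added example, not Otto's script: rate-limit NEW connections to a port with
# the iptables "recent" match and move any source that trips the limit into a
# second list that is dropped unconditionally from then on.
# Assumptions: Linux with xt_recent, iptables at /usr/sbin/iptables, run as root.
# Set IPT=echo to print the rules instead of applying them.

IPT="${IPT:-/usr/sbin/iptables}"
WINDOW=60   # sliding window in seconds (SECONDS is a bash built-in counter, so not reused)
HITS=5      # NEW connections inside WINDOW that trigger the lockout
ACTION=DROP # DROP or REJECT

# lockout_rules PORT : emit (or apply) the three rules for one TCP port.
# Lists are per port, so a ban on 5901 does not affect 10022.
lockout_rules() {
    local port="$1"
    local watch="watch${port}"   # counts recent NEW connections per source
    local ban="ban${port}"       # sources that have tripped the limit

    # 1. Already banned: drop first. --update refreshes the entry's timestamp,
    #    so a source that keeps knocking stays at the front of the list.
    "$IPT" -A INPUT -p tcp --dport "$port" \
        -m recent --name "$ban" --update -j "$ACTION"

    # 2. Record this NEW connection in the watch list (--set always matches,
    #    and there is no -j, so the packet continues to the next rule).
    "$IPT" -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW \
        -m recent --name "$watch" --set

    # 3. HITS or more NEW connections inside WINDOW: add the source to the ban
    #    list (a second recent match with --set) and drop this packet.
    "$IPT" -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW \
        -m recent --name "$watch" --update --seconds "$WINDOW" --hitcount "$HITS" \
        -m recent --name "$ban" --set -j "$ACTION"
}

# Ports from the original post: sudo ./lockout.sh 10022 5901 5904
for port in "$@"; do
    lockout_rules "$port"
done
```

Two things worth knowing before relying on it. Because rule 2 records the packet before rule 3 counts it, the attempt that brings a source to HITS is itself dropped, so HITS=5 lets four connections through in 60 seconds. And "permanent" is bounded by xt_recent itself: each list holds ip_list_tot entries (100 by default, oldest evicted when full), the lists are gone after a reboot or module reload, and --hitcount cannot exceed ip_pkt_list_tot (20 by default). The current contents are visible in /proc/net/xt_recent/ban10022, and writing "-ADDRESS" to that file releases one address while "/" clears the list, which is the quickest way to undo a lockout of a legitimate client.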


