Mailinglist Archive: opensuse (1620 mails)

Re: [opensuse] Susefirewall limit connections
On 16/11/14 13:17, Andrei Borzenkov wrote:
> On Sun, 16 Nov 2014 11:37:25 +0800
> Otto Rodusek <otto@xxxxxxxxxxxxxx> wrote:
>
>> Hi ListMates,
>>
>> I have a large number of attacks on my customer's ports (10022, 5901,
>> 5904) running OpenSuse 13.1 x64.
>>
>> Basically I would like the firewall to allow no more than 5 attempts per
>> 60 second period (or 1 attempt per 12 seconds), after which I would like
>> the firewall to PERMANENTLY LOCK out the attempting IP. I'm not sure
>> whether this can be done via the SuseFirewall or whether I need to write
>> a script to do it.
>>
>> I have tried a couple methods with the following script BUT I still get
>> several (thousands) attempts in my firewall logs.
>
> But are those connection requests dropped? I.e. your question is about
> your rules that do not work or about how to prevent these
> dropped connection attempts from being logged?

Hi Andrei,

Thanks for the feedback.

The logging is not a problem, the problem is that the iptables command doesn't seem to do what I thought it was supposed to do. Here is an example from my log file (there are LOTS of lines over several hours!!). I was hoping that the iptables command would limit the number of attempts and finally lock out that IP once exceeded, but obviously it doesn't as the particular IP address has done this over several days over several hours!!



On 16/11/14 17:15, Florian Gleixner wrote:
> The tool fail2ban is designed for that. fail2ban watches logfiles and
> you can define limits and actions. Builtin actions are locking out via
> iptables or tcpwrapper. The iptables lockout works with SuSEfirewall.



Hi Florian,

Thanks for the feedback.

I've heard of fail2ban and was hoping not to have to use it and "simply" make use of iptables. If I can't get a solution to iptables then I may have no choice and migrate to fail2ban.

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
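
The policy asked for in this thread (no more than 5 attempts per 60 seconds, then a permanent lock-out), replayed over firewall log lines the way a log watcher such as fail2ban evaluates them; this is an added example, not code from the original messages. The sample lines, the documentation-range addresses and the function names are constructed for illustration, and the "ban" is an in-memory record rather than an iptables rule.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Timestamp, SRC= and DPT= fields of a SuSEfirewall2 kernel log line.
LOG_RE = re.compile(r"^(\S+) .*?\bSRC=(\S+) .*?\bDPT=(\d+)\b")
WATCHED_PORTS = {10022, 5901, 5904}          # ports named in the message

def parse(line):
    """Return (timestamp, source IP, destination port), or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(3))

def evaluate(lines, limit=5, window=60):
    """Replay the log; ban a source for good on attempt limit+1 inside `window` seconds."""
    recent = defaultdict(deque)              # source -> timestamps still inside the window
    banned, dropped = {}, defaultdict(int)   # source -> ban time / attempts refused
    for ts, src, dpt in filter(None, map(parse, lines)):
        if dpt not in WATCHED_PORTS:
            continue
        if src in banned:                    # permanent: a ban never expires
            dropped[src] += 1
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= timedelta(seconds=window):
            q.popleft()                      # forget attempts older than the window
        if len(q) > limit:
            banned[src] = ts
            dropped[src] += 1                # the attempt that trips the limit is refused too
    return banned, dict(dropped)

def _mk(start, offsets, src, dpt):
    """Build constructed log lines at `offsets` seconds after `start`."""
    t0 = datetime.fromisoformat(start)
    return [f"{(t0 + timedelta(seconds=o)).isoformat()} host kernel: [0.0] SFW2-INext-ACC-TCP "
            f"IN=eth0 OUT= SRC={src} DST=192.0.2.1 PROTO=TCP SPT=40000 DPT={dpt} SYN"
            for o in offsets]

# Constructed sample: one source bursting every 5 s, one retrying every 20 s.
SAMPLE = (_mk("2014-11-08T21:04:50+08:00", [0, 5, 10, 15, 20, 25, 45, 65], "203.0.113.15", 5901)
          + _mk("2014-11-08T21:00:00+08:00", [0, 20, 40, 60, 80, 100], "198.51.100.7", 10022))

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

In the sample, the source that retries every 20 seconds never has more than five attempts inside any 60-second window, so this threshold alone never bans it.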
