Mailinglist Archive: opensuse (1620 mails)

Re: [opensuse] Susefirewall limit connections
On 2014-11-16 15:09, Otto Rodusek wrote:
> On 16/11/14 21:45, Carlos E. R. wrote:
>
> Hi Carlos,
>
> Thanks for your feedback.
>
> Yep, most of my ports are disabled - however I use 10022 (ssh) and
> 5901-5906 are VM servers that my users need to access from outside.

Ah, so the ports are opened, and something is actually listening.


> From the logs (I get a LOT from France, Belgium and mostly China) I am
> assuming that it is a robot dictionary or brute force attack to get the
> password. That's why I want the Firewall to be "unforgiving", let you
> try 5 times in 60 seconds and if you (IP) fail then permanently block
> that IP. From reading "iptables" I thought that's what I was doing but
> from the log obviously not!!


The SUSE way:

/etc/sysconfig/SuSEfirewall2:

FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"

# Allow max three ssh connects per minute from the same IP address.

and will work unless there is something else that takes precedence opening the
same port, like perhaps FW_SERVICES_EXT_TCP.
Of course, you have to change ports adequately. Also, verify that the incoming
IPs you get are not those of your users.

If you need more control, you need one of those scripts, but the above reacts
faster, in memory. I'm unsure if "connects" counts successful connects or not.

--
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
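Added example (not part of the thread, and not SuSEfirewall2's own code): a small simulation of what a hitcount/blockseconds rule does to a stream of new connection attempts. It assumes the rule behaves like the iptables "recent" match that SuSEfirewall2 generates for such entries, i.e. a new connect from an IP is dropped when that IP already has `hitcount` or more hits inside the last `seconds`, and every attempt, accepted or dropped, refreshes the IP's entry. The connection list is constructed sample data, not real log output.

```python
from collections import defaultdict, deque

# Constructed sample of new TCP connection attempts to the ssh port:
# (seconds since start, source IP). Not real log data.
SAMPLE_CONNECTS = [
    (0, "203.0.113.10"),
    (5, "203.0.113.10"),
    (10, "203.0.113.10"),
    (12, "203.0.113.10"),   # fourth attempt inside 60 s -> dropped
    (30, "198.51.100.7"),   # unrelated host, unaffected
    (40, "203.0.113.10"),   # still inside the window -> dropped, entry refreshed
    (75, "203.0.113.10"),   # only the 40 s hit is still inside the window -> accepted
    (80, "203.0.113.10"),   # two hits in window -> accepted
    (85, "203.0.113.10"),   # three hits in window -> dropped again
]


def evaluate(connects, hitcount=3, seconds=60):
    """Apply a hitcount/blockseconds limit to a time-ordered list of
    (t, ip) connection attempts. Returns a list of (t, ip, verdict).

    Assumed semantics (a model of the iptables 'recent' match, not the
    kernel's exact algorithm): an attempt is dropped when the source IP
    already has at least `hitcount` attempts in the preceding `seconds`;
    dropped attempts are recorded too, so a host that keeps hammering
    the port stays blocked for as long as it keeps connecting.
    """
    history = defaultdict(deque)   # ip -> timestamps of recent attempts
    verdicts = []
    for t, ip in connects:
        hits = history[ip]
        # forget attempts that have fallen out of the window
        while hits and t - hits[0] >= seconds:
            hits.popleft()
        verdict = "DROP" if len(hits) >= hitcount else "ACCEPT"
        hits.append(t)             # accepted and dropped attempts both count
        verdicts.append((t, ip, verdict))
    return verdicts


def dropped_sources(verdicts):
    """Sorted list of source IPs that had at least one attempt dropped."""
    return sorted({ip for _, ip, v in verdicts if v == "DROP"})


if __name__ == "__main__":
    for t, ip, verdict in evaluate(SAMPLE_CONNECTS, hitcount=3, seconds=60):
        print(f"t={t:3d}s  {ip:15s}  {verdict}")
    print("sources with drops:", dropped_sources(evaluate(SAMPLE_CONNECTS)))
```

Two things the run makes visible: the limit is a sliding window, not a permanent ban, so a host that backs off for `seconds` gets in again (the 75 s attempt above), and because the window only counts new connection attempts it says nothing about whether a login succeeded; that is why a legitimate user reconnecting repeatedly from one address would be limited just like a scanner, as the message above warns.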
