Ludwig Nussel wrote:
Otto Rodusek wrote:
Yep, I did all the checks and mods that others recommended. The only reference to ssh or port 22 (/etc/sysconfig/SuSEfirewall2) is the following line:
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=5,blockseconds=60,recentname=ssh"
so I'm pretty sure I got any precedence rules eliminated. So I still can't get iptables to play properly. Trying to restrict the number of ssh attempts per minute just doesn't seem to work with iptables. Oh well, hopefully I'll get this answered/solved some day...*sigh* !!
Works fine here on 11.2
$ while netcat -w 1 myhost 22 < /dev/null ; do :; done
SSH-2.0-OpenSSH_5.2
SSH-2.0-OpenSSH_5.2
SSH-2.0-OpenSSH_5.2
SSH-2.0-OpenSSH_5.2
SSH-2.0-OpenSSH_5.2
$
Sometimes it helps to use e.g. 'watch' to see which rules trigger:
$ watch -d sudo iptables -vnL input_ext
Also try starting from scratch¹ and only modify FW_SERVICES_ACCEPT_EXT.
cu Ludwig
[1] cp /var/adm/fillup-templates/sysconfig.SuSEfirewall2 /etc/sysconfig/SuSEfirewall2
Hi Ludwig,

Ok, this generated some interesting results.

$ while netcat -w 1 myhost 22 < /dev/null ; do :; done
SSH-2.0-OpenSSH_5.2
(607 lines of same as above)!!!!!
$

So unlike yours, mine generated 607 lines before it stopped!!

I then ran:

bunyip:/var/log # watch -d sudo iptables -vnL input_ext

Every 2.0s: sudo iptables -vnL input_ext                Tue Jun 15 22:37:26 2010

Chain input_ext (2 references)
 pkts bytes target prot opt in  out source    destination
 5608  749K DROP   all  --  *   *   0.0.0.0/0 0.0.0.0/0   PKTTYPE = broadcast
    0     0 ACCEPT icmp --  *   *   0.0.0.0/0 0.0.0.0/0   icmp type 4
    0     0 ACCEPT icmp --  *   *   0.0.0.0/0 0.0.0.0/0   icmp type 8
    0     0 ACCEPT udp  --  *   *   0.0.0.0/0 0.0.0.0/0   udp spt:137 state RELATED
    0     0 ACCEPT 47   --  *   *   0.0.0.0/0 0.0.0.0/0
    0     0 LOG    tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   limit: avg 3/min burst 5 tcp dpt:10000 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp dpt:10000
    6   288 LOG    tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   limit: avg 3/min burst 5 tcp dpt:10001 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
   24  1152 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp dpt:10001
    0     0 LOG    tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   limit: avg 3/min burst 5 tcp dpt:1723 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp dpt:1723
    0     0 LOG    tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   limit: avg 3/min burst 5 tcp dpt:20 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp dpt:20
    0     0 LOG    tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   limit: avg 3/min burst 5 tcp dpt:47 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp dpt:47
    2   108 LOG    tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   limit: avg 3/min burst 5 tcp dpt:80 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
    2   108 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp dpt:80
    9   476 LOG    tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   limit: avg 3/min burst 5 tcp dpt:443 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
    9   476 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp dpt:443
    0     0 LOG    tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   limit: avg 3/min burst 5 tcp dpt:25 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp dpt:25
    0     0 LOG    tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   limit: avg 3/min burst 5 tcp dpt:465 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp dpt:465
    2    96 LOG    tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   limit: avg 3/min burst 5 tcp dpt:139 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
    2    96 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp dpt:139
    4   224 LOG    tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   limit: avg 3/min burst 5 tcp dpt:445 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
    6   494 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp dpt:445
   15   720 LOG    tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   limit: avg 3/min burst 5 tcp dpt:21 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
   15   720 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp dpt:21
    0     0 LOG    tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   limit: avg 3/min burst 5 tcp dpts:30000:30100 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp dpts:30000:30100

Not sure if any of the above helps to isolate the issue. In fact, I did try to gen a new /etc/sysconfig/SuSEfirewall2 when all this started and the only line with reference to port 22 and or ssh was:

FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=5,blockseconds=60,recentname=ssh"

Again, thanks for all your feedback and help.

Best regards.
Otto.

--
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org
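An added diagnostic, not code from either poster or from SuSEfirewall2, that parses an `iptables -vnL` chain listing like the one above and reports which rules match a given TCP port and whether any of them carries a `recent:` hit-count limit. The listing it runs on is constructed; the two port-22 rows are hypothetical examples of the rules a hitcount=/blockseconds=/recentname= entry is expected to produce, written in the layout xt_recent prints for `-L`.

```python
"""Parse `iptables -vnL <chain>` output and show the rules that match a TCP
port, so a missing or never-incrementing hitcount/recent rule can be spotted."""
import re

# Constructed sample in the layout of `watch -d sudo iptables -vnL input_ext`
# from the thread; the port-22 rows are hypothetical recent-match rules.
SAMPLE = """\
Chain input_ext (2 references)
 pkts bytes target prot opt in out source    destination
 5608  749K DROP   all  --  *  *   0.0.0.0/0 0.0.0.0/0   PKTTYPE = broadcast
    6   288 LOG    tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   limit: avg 3/min burst 5 tcp dpt:10001 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
   24  1152 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   tcp dpt:10001
    0     0 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   tcp dpts:30000:30100
    9   540 DROP   tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   tcp dpt:22 flags:0x17/0x02 recent: UPDATE seconds: 60 hit_count: 5 name: ssh side: source
   14   840 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   tcp dpt:22 flags:0x17/0x02 recent: SET name: ssh side: source
"""

# pkts bytes target prot opt in out source destination [match text]
RULE_RE = re.compile(
    r"^\s*(\d+)\s+(\d+[KMG]?)\s+(\S+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s+(\S+)\s+(\S+)\s*(.*)$")
SUFFIX = {"": 1, "K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}  # iptables -v scales by 1000


def counter(text):
    """'749K' -> 749000; plain digit strings pass through unchanged."""
    m = re.fullmatch(r"(\d+)([KMG]?)", text)
    return int(m.group(1)) * SUFFIX[m.group(2)]


def parse_rules(listing):
    """One dict per rule line; the 'Chain' and column-header lines are skipped."""
    rules = []
    for line in listing.splitlines():
        m = RULE_RE.match(line)
        if m:
            pkts, byts, target, prot, src, dst, extra = m.groups()
            rules.append({"pkts": int(pkts), "bytes": counter(byts), "target": target,
                          "prot": prot, "src": src, "dst": dst, "match": extra.strip()})
    return rules


def rules_for_port(rules, port):
    """TCP rules whose dpt: equals `port` or whose dpts: range contains it."""
    hits = []
    for r in rules:
        m = re.search(r"\bdpts?:(\d+)(?::(\d+))?", r["match"]) if r["prot"] == "tcp" else None
        if m and int(m.group(1)) <= port <= int(m.group(2) or m.group(1)):
            hits.append(r)
    return hits


def recent_limit(rules, port):
    """(seconds, hit_count) of a 'recent:' limit on `port`, or None when the chain
    has no such rule, which is the first thing to check when hitcount= seems inert."""
    for r in rules_for_port(rules, port):
        m = re.search(r"recent: \S+ seconds: (\d+) hit_count: (\d+)", r["match"])
        if m:
            return int(m.group(1)), int(m.group(2))
    return None
```

Feed it the real chain with `parse_rules(subprocess.check_output(["iptables", "-vnL", "input_ext"], text=True))` and compare the pkts counters of the port's rules across two runs to see which one is actually being hit.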