On Tue, 11 Mar 2008, Carlos E. R. wrote:
The Monday 2008-03-10 at 20:23 -0600, Boyd Lynn Gerber wrote:
On Mon, 10 Mar 2008, Carlos E. R. wrote:
The Monday 2008-03-10 at 17:21 +0100, Ludwig Nussel wrote:
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
Provided that your network interface is in the external zone this should work fine.
I never could get the above to work properly. That is why I went to the rules in /etc/sysconfig/scripts/SuSEfirewall2-custom. They never failed me. Have you tried them?
That's what I used previously. But since installing 10.3 and seeing that cute syntax for FW_SERVICES_ACCEPT_EXT, I used that instead. So much easier!
But it never worked for me in any 10.3 version I tried. I did not bug report it as the custom worked. I also have an ftp rule as well, to avoid ftp attacks.
Or perhaps it also does not work in ...custom (I haven't checked and I'm off to sleep now). Then iptables is broken and must be repaired.
Same here, I am going to bed as well.
Maybe the trick is to define "FW_SERVICES_ACCEPT_EXT" and undefine any other "accept" rule. That is not documented if so!
I do not know.
--
Boyd Gerber
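
As an added example (not part of the thread and not SuSEfirewall2's own code), this shell function parses an entry in the FW_SERVICES_ACCEPT_EXT format quoted above and prints iptables `recent` rules of the kind that could go in a custom rules script. The function names, the rule layout and the chain argument are assumptions; the rules SuSEfirewall2 actually generates may differ.

```shell
# Added example, not SuSEfirewall2 code: rules are printed, never applied.
is_num() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

accept_ext_to_rules() {
    entry=$1
    chain=${2:-INPUT}            # assumption: the caller names the target chain
    old_ifs=$IFS; IFS=,; set -f
    set -- $entry                # split on commas; ",," keeps the empty sport field
    set +f; IFS=$old_ifs
    [ "$#" -ge 3 ] || { echo "need net,protocol,dport" >&2; return 1; }
    net=$1; proto=$2; dport=$3; sport=${4:-}
    if [ "$#" -gt 4 ]; then shift 4; else shift "$#"; fi
    hitcount=; blockseconds=; recentname=
    for flag in "$@"; do
        case $flag in
            hitcount=*)     hitcount=${flag#*=} ;;
            blockseconds=*) blockseconds=${flag#*=} ;;
            recentname=*)   recentname=${flag#*=} ;;
            *) echo "unknown flag: $flag" >&2; return 1 ;;
        esac
    done
    # Reject anything that is not a plain address, protocol or number.
    case $net in ''|*[!0-9a-fA-F.:/]*) echo "bad net: $net" >&2; return 1 ;; esac
    case $proto in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    is_num "$dport" || { echo "bad dport: $dport" >&2; return 1; }
    match="-p $proto --dport $dport"
    if [ -n "$sport" ]; then
        is_num "$sport" || { echo "bad sport: $sport" >&2; return 1; }
        match="$match --sport $sport"
    fi
    if [ "$net" != 0/0 ]; then match="-s $net $match"; fi
    if [ -n "$hitcount" ]; then
        is_num "$hitcount" && is_num "$blockseconds" ||
            { echo "hitcount and blockseconds must be numbers" >&2; return 1; }
        case $recentname in ''|*[!A-Za-z0-9_]*) echo "bad recentname" >&2; return 1 ;; esac
        new="iptables -A $chain $match -m state --state NEW -m recent --name $recentname"
        echo "$new --set"        # record every new connection attempt per source
        # drop a source that reaches hitcount attempts within blockseconds
        echo "$new --update --seconds $blockseconds --hitcount $hitcount -j DROP"
    fi
    echo "iptables -A $chain $match -j ACCEPT"
}

# Entry quoted in the thread; input_ext is SuSEfirewall2's external input chain.
accept_ext_to_rules "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh" input_ext
```

Comparing the printed rules with the output of `iptables -S` on the affected host shows whether the `recent` match was installed at all.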