Carlos E. R. wrote:
On 2010-06-14 11:33, Susan Dittmar wrote:
*chuckle*
I should have been more precise. I read *the log file* as one ssh attempt per second, not one per minute as Carlos wrote.
Yes, that's right. I misread the log.
About the problem, I believe the ssh port must be opened by another rule; my understanding is that any other rule opening the ssh port takes precedence over the "FW_SERVICES_ACCEPT_*" one. Perhaps grepping for ssh in the file would find the culprit.
--
Cheers / Saludos,
Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar))
Hi Carlos,

Yep, I did all the checks and mods that others recommended. The only reference to ssh or port 22 (/etc/sysconfig/SuSEfirewall2) is the following line:

FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=5,blockseconds=60,recentname=ssh"

so I'm pretty sure I got any precedence rules eliminated. So I still can't get iptables to play properly. Trying to restrict the number of ssh attempts per minute just doesn't seem to work with iptables.

Oh well, hopefully I'll get this answered/solved some day...*sigh* !!

Thanks to all who helped.

Best regards.
Otto.
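
Added example, not part of any message in this thread: one way to check the loaded ruleset, rather than the config file, for an ACCEPT on the ssh port that is evaluated before the rate-limit rules. The function name, the chain name input_ext and the sample rules are constructed for illustration; only recentname=ssh and port 22 come from the thread.

```shell
#!/bin/sh
# Netfilter walks a chain top to bottom and stops at the first terminating
# match, so an ACCEPT for the port placed above the "recent" rules wins.
# Reads `iptables-save` style lines on stdin.
# $1 = recent list name (recentname=...), $2 = destination port.
# Prints each ACCEPT for that port not preceded by a recent rule in its chain;
# exit status 0 if any were found, 1 otherwise.
find_unlimited_accepts() {
    awk -v name="$1" -v port="$2" '
        $1 != "-A" { next }            # skip table headers, policies, COMMIT
        {
            chain = $2; on_port = 0; in_list = 0; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport" && $(i + 1) == port) on_port = 1
                if ($i == "--name"  && $(i + 1) == name) in_list = 1
                if ($i == "-j") target = $(i + 1)
            }
            if (in_list) { limited[chain] = 1; next }
            if (on_port && target == "ACCEPT" && !limited[chain]) {
                print "not rate limited (" chain "): " $0
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: the rate-limit pair alone (assumed rule layout).
sample_ok() {
cat <<'EOF'
*filter
-A input_ext -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 --name ssh --rsource -j DROP
-A input_ext -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same chain with a plain ACCEPT placed first.
sample_shadowed() {
    echo '-A input_ext -p tcp -m tcp --dport 22 -j ACCEPT'
    sample_ok
}

# Demo on the constructed data; on a live host: iptables-save | find_unlimited_accepts ssh 22
sample_shadowed | find_unlimited_accepts ssh 22
```

The check only compares rule order inside a single chain and only recognises a literal --dport match, so multiport rules and jumps between chains still need to be read by hand.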