Otto Rodusek wrote:
Yep, I did all the checks and mods that others recommended. The only reference to ssh or port 22 (/etc/sysconfig/SuSEfirewall2) is the following line:
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=5,blockseconds=60,recentname=ssh"
so I'm pretty sure I got any precedence rules eliminated. So I still can't get iptables to play properly. Trying to restrict the number of ssh attempts per minute just doesn't seem to work with iptables. Oh well, hopefully I'll get this answered/solved some day...*sigh* !!

Works fine here on 11.2

$ while netcat -w 1 myhost 22 < /dev/null ; do :; done
SSH-2.0-OpenSSH_5.2
SSH-2.0-OpenSSH_5.2
SSH-2.0-OpenSSH_5.2
SSH-2.0-OpenSSH_5.2
SSH-2.0-OpenSSH_5.2
$

Sometimes it helps to use e.g. 'watch' to see which rules trigger:

$ watch -d sudo iptables -vnL input_ext

Also try starting from scratch¹ and only modify FW_SERVICES_ACCEPT_EXT.

cu
Ludwig

[1] cp /var/adm/fillup-templates/sysconfig.SuSEfirewall2 /etc/sysconfig/SuSEfirewall2

--
Ludwig Nussel
http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
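The hitcount/blockseconds behaviour the thread relies on, as an added example that is not part of the original thread: a small Python model of the iptables 'recent' match, built on a hand-written two-rule pattern (an assumption, not the rules SuSEfirewall2 actually generates) with the thread's hitcount=5 and blockseconds=60. It shows why five connections in a minute get through and the sixth is dropped, and that a source which keeps retrying extends its own block window.

```python
"""Hypothetical, hand-written model of the iptables 'recent' match behind an
SSH rate limit (not SuSEfirewall2's generated rules). It mirrors the common
two-rule pattern with the thread's hitcount=5 / blockseconds=60:
  -A input_ext -p tcp --syn --dport 22 -m recent --name ssh --rsource \
        --update --seconds 60 --hitcount 5 -j DROP
  -A input_ext -p tcp --syn --dport 22 -m recent --name ssh --rsource --set -j ACCEPT
Only new-connection SYNs are fed in, as (timestamp_seconds, source) pairs."""
SECONDS, HITCOUNT = 60, 5
MAX_STAMPS = 20  # xt_recent default ip_pkt_list_tot: timestamps kept per source

def _touch(table, src, now):
    """Record one packet from src in the named list (newest MAX_STAMPS kept)."""
    stamps = table.setdefault(src, [])
    stamps.append(now)
    del stamps[:-MAX_STAMPS]

def recent_update(table, src, now, seconds=SECONDS, hitcount=HITCOUNT):
    """--update --seconds S --hitcount N: match when >= N stamps fall inside the
    last S seconds. A match also records this packet, so a source that keeps
    retrying keeps extending its own block window."""
    hits = sum(1 for t in table.get(src, ()) if now - t <= seconds)
    if hits < hitcount:
        return False
    _touch(table, src, now)
    return True

def recent_set(table, src, now):
    """--set: always matches and records the packet."""
    _touch(table, src, now)
    return True

def filter_ssh(attempts):
    """Verdict ('ACCEPT' or 'DROP') for each (time, source) SSH SYN, in order."""
    ssh = {}                      # the list named by recentname=ssh
    verdicts = []
    for now, src in attempts:
        if recent_update(ssh, src, now):        # rule 1: too many hits -> DROP
            verdicts.append("DROP")
        elif recent_set(ssh, src, now):         # rule 2: count it and ACCEPT
            verdicts.append("ACCEPT")
    return verdicts

if __name__ == "__main__":
    # Constructed sample: one host connecting once a second, like the netcat
    # loop above. Expect five ACCEPTs followed by DROPs.
    print(filter_ssh([(t, "192.0.2.10") for t in range(8)]))
```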