Re: [opensuse] firewall/iptables suggestion for preventing brute-force SIP attempts?

4 Apr 2013


      Hi Per,
On 04/04/2013 01:41 PM, Per Jessen wrote:
...
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
...
Been there already does not work  and of course EXT_UDP is not
including 5060 :(
Hi Togan
do you remember why it doesn't work?  It's been a while since I disabled
my attempts, I can't remember why it didn't work.
Can't remember it either, it has been a while but it is not the case
that the rule does not catch because it does

Apr  4 06:26:11 whale kernel: SFW2-INext-ACC IN=eth0 OUT=
MAC=00:19:66:3f:7f:fe:00:0d:65:ec:6e:ae:08:00 SRC=91.121.0.209
DST=XXX.XXX.XXX.XX LEN=773 TOS=0x00 PREC=0x00 TTL=120 ID=1888 PROTO=UDP
SPT=5078 DPT=5060 LEN=753

Apr  4 06:26:12 whale kernel: SFW2-INext-ACC IN=eth0 OUT=
MAC=00:19:66:3f:7f:fe:00:0d:65:ec:6e:ae:08:00 SRC=91.121.0.209
DST=XXX.XXX.XXX.XX LEN=778 TOS=0x00 PREC=0x00 TTL=120 ID=1963 PROTO=UDP
SPT=5073 DPT=5060 LEN=758

Apr  4 06:26:26 whale kernel: SFW2-INext-ACC IN=eth0 OUT=
MAC=00:19:66:3f:7f:fe:00:0d:65:ec:6e:ae:08:00 SRC=91.121.0.209
DST=XXX.XXX.XXX.XX LEN=781 TOS=0x00 PREC=0x00 TTL=120 ID=2836 PROTO=UDP
SPT=5070 DPT=5060 LEN=761

Apr  4 06:26:32 whale kernel: SFW2-INext-DROPr IN=eth0 OUT=
MAC=00:19:66:3f:7f:fe:00:0d:65:ec:6e:ae:08:00 SRC=91.121.0.209
DST=XXX.XXX.XXX.XX LEN=784 TOS=0x00 PREC=0x00 TTL=120 ID=3157 PROTO=UDP
SPT=5071 DPT=5060 LEN=764


-- 
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org

Re: [opensuse] firewall/iptables suggestion for preventing brute-force SIP attempts?

Togan Muftuoglu