Carlos E. R. wrote:
The Wednesday 2008-07-02 at 23:04 +0200, Verner Kjærsgaard wrote:
Carlos E. R. wrote:
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
Hi,
- wow, wait a second... - does this mean that your one-liner will/could nearly replace all the functionality of "Denyhosts"??
All, all.. dunno. It certainly does its job. But remember that the firewall is actually a script that reads the configuration file and generates a set of iptables rules. Before, it was a bit longer:
/etc/sysconfig/scripts/SuSEfirewall2-custom:
iptables -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack --update --seconds 60 --hitcount 6 -j LOG --log-prefix 'SSH attack: '
iptables -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack --update --seconds 60 --hitcount 6 -j REJECT
- if so, it's a little easier...with all due respect to Denyhosts.
Sure :-)
-- Cheers, Carlos E. R.
Hi - thanks A LOT for the answer. This saves a lot of sweat...
- one Q, though... would you put the above statement just before (inside) the very last "}" in the SuSEfirewall2-custom file?

--
Best regards
Verner Kjærsgaard
Novell Certified Linux Professional 10035701
www.os-academy.dk
+45 56964223
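
An added example, not part of the thread or of SuSEfirewall2: a small Python model of how the three quoted "-m recent" rules treat SYNs to port 22, showing that the sixth SYN inside 60 seconds is the first one rejected and that rejected attempts keep the entry fresh. The class and function names, the addresses and the timings are constructed for illustration; the model assumes --update stamps the address only when it matches.

```python
# Added example: simplified model of the three quoted "-m recent" rules.
# Assumptions: --set always stamps the source address; --update stamps it
# again only when its --seconds/--hitcount test matches (as the iptables
# man page describes). Stamps older than the window are simply dropped.
from collections import defaultdict

SECONDS, HITCOUNT = 60, 6  # values from the quoted custom rules


class RecentList:
    def __init__(self):
        self.stamps = defaultdict(list)  # source address -> timestamps

    def set(self, src, now):
        fresh = [t for t in self.stamps[src] if now - t <= SECONDS]
        self.stamps[src] = fresh + [now]

    def update(self, src, now):
        hits = sum(1 for t in self.stamps[src] if now - t <= SECONDS)
        if hits >= HITCOUNT:
            self.set(src, now)  # a matching --update refreshes the entry
            return True
        return False


def filter_syns(events):
    """events: (seconds, source) SYNs to port 22; returns their verdicts."""
    recent, verdicts = RecentList(), []
    for now, src in sorted(events):
        recent.set(src, now)                  # rule 1: --set
        logged = recent.update(src, now)      # rule 2: -j LOG, non-terminating
        rejected = logged and recent.update(src, now)  # rule 3: -j REJECT
        verdicts.append((now, src, "REJECT" if rejected else "PASS"))
    return verdicts


# Constructed sample traffic (documentation addresses, not real hosts).
SCANNER, USER = "203.0.113.5", "198.51.100.7"
SAMPLE = [(t, SCANNER) for t in range(0, 50, 5)]  # one SYN every 5 s
SAMPLE += [(95, SCANNER), (200, SCANNER)]         # comes back twice
SAMPLE += [(3, USER), (50, USER)]                 # ordinary logins

if __name__ == "__main__":
    for now, src, verdict in filter_syns(SAMPLE):
        print(f"t={now:>3}s {src:<13} {verdict}")
```

In the sample, the retry at t=95 is still rejected because the rejected SYNs at t=35 to t=45 were themselves stamped, while the retry at t=200 passes after more than 60 quiet seconds.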