On Jan 9, 2008 9:18 AM, Marcin Floryan <marcin.floryan@gmail.com> wrote:

Hi!

Is there a way to merge the following iptables rules with SuseFirewall?

iptables -A INPUT -p tcp --dport 22 -m recent --set --name ssh --rsource iptables -A INPUT -p tcp --dport 22 -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT

Yeah, check the file /etc/sysconfig/scripts/SuSEfirewall2-custom after enabling FW_CUSTOMRULES var in /etc/sysconfig/SuSEfirewall2, as explained in the comments in that file Regards Marcio Ferreira --- Druid -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2008-01-09 at 11:18 -0000, Marcin Floryan wrote:

Is there a way to merge the following iptables rules with SuseFirewall?

iptables -A INPUT -p tcp --dport 22 -m recent --set --name ssh --rsource iptables -A INPUT -p tcp --dport 22 -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT

I suspect those could be added once the firewall has started but ideally I would want this as part of the firewall startup.

Did you know about this: ? FW_SERVICES_REJECT_EXT="0/0,tcp,113" # Example: # Allow max three ssh connects per minute from the same IP address: # "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh" # # The special value _rpc_ is recognized as protocol and means that dport is # interpreted as rpc service name. See FW_SERVICES_EXT_RPC for # details. # I guess it does what you want :-? - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFHhPLstTMYHG2NR9URAgsQAJ90xzEidt+THd3x2rNJixNEbGZw+wCcC3MA 77/NjH3C25YP44N4qUWUXT0= =VT1F -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org