Marcus Rueckert wrote:
> On 2008-03-10 10:53:08 -0500, Ron Joffe wrote:
> > I recommend looking at denyhosts for this function.
>
> why have a script that parses a log file, which is written buffered, to do a job that iptables can do already?
> furthermore there is an even more trivial way to achieve the same: put your sshd on a port != 22.
>
> darix

Hi Marcus,

Thanks for the reply. I fully agree that iptables should do the job by itself and indeed I have tried to change the ssh port to something other than 22 - but robot crawlers are able to quickly determine this and then you get attacks on the other port.

At this point, I am more interested in knowing why iptables doesn't behave the way it's supposed to though. From the Susefirewall script docs, if you set as per below it is supposed to limit the number of sshd logins to only 3 per 60 seconds interval, but from the log this obviously isn't so and I'm curious to know what needs to be done in order for iptables to behave as advertised.

Again, thanks for the advice and help.

Rgds.
Otto.

BTW: my os is OpenSuse 10.3 x86_64 (don't think this should make a diff tho)!!

## Type: string
## Default: 0/0,tcp,113
#
# Services to allow. This is a more generic form of FW_SERVICES_{IP,UDP,TCP}
# and more specific than FW_TRUSTED_NETS
#
# Format: space separated list of net,protocol[,dport][,sport]
# Example: "0/0,tcp,22"
#
# Supported flags are
#   hitcount=NUMBER     : ipt_recent --hitcount parameter
#   blockseconds=NUMBER : ipt_recent --seconds parameter
#   recentname=NAME     : ipt_recent --name parameter
# Example:
#   Allow max three ssh connects per minute from the same IP address:
#     "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
#
# The special value _rpc_ is recognized as protocol and means that dport is
# interpreted as rpc service name. See FW_SERVICES_EXT_RPC for
# details.
#
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
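
Added example, not part of the original message and not SuSEfirewall2's own code: a small checker for the FW_SERVICES_ACCEPT_EXT entry format quoted above, which maps the three flags to the ipt_recent options named in the comment. The function names are hypothetical, and it assumes flags are only read after the sport field, as the entry in the message has it (the empty ",," slot).

```python
# Added example: flag names and their ipt_recent options are taken from the
# sysconfig comment quoted above; the function names are hypothetical.
RECENT_FLAGS = {"hitcount": "--hitcount", "blockseconds": "--seconds",
                "recentname": "--name"}


def parse_entry(entry):
    """Split one net,protocol[,dport][,sport][,flag=value...] entry."""
    fields = entry.split(",")
    # Assumption: flags begin at the first field that contains '='.
    first_flag = next((i for i, f in enumerate(fields) if "=" in f), len(fields))
    positional, raw_flags = fields[:first_flag], fields[first_flag:]
    if not 2 <= len(positional) <= 4:
        raise ValueError("expected net,protocol[,dport][,sport]: %r" % entry)
    if raw_flags and len(positional) != 4:
        # Assumption: flags are only read after the sport field, so an unused
        # sport must be left empty (",,") as in the example on the page.
        raise ValueError("flags must come after the sport field: %r" % entry)
    flags = {}
    for item in raw_flags:
        name, _, value = item.partition("=")
        if name not in RECENT_FLAGS:
            raise ValueError("unsupported flag %r in %r" % (name, entry))
        if name != "recentname" and not (value.isdigit() and int(value) > 0):
            raise ValueError("%s needs a positive number: %r" % (name, entry))
        flags[name] = value
    positional += [""] * (4 - len(positional))
    net, proto, dport, sport = positional
    return {"net": net, "proto": proto, "dport": dport, "sport": sport, "flags": flags}


def recent_options(entry):
    """Return the ipt_recent options that the entry's flags stand for."""
    flags = parse_entry(entry)["flags"]
    options = []
    for name in ("recentname", "blockseconds", "hitcount"):
        if name in flags:
            options += [RECENT_FLAGS[name], flags[name]]
    return options


if __name__ == "__main__":
    for line in ["0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh",  # from the page
                 "0/0,tcp,22,hitcount=3,blockseconds=60"]:  # constructed: sport left out
        try:
            print(line, "->", recent_options(line))
        except ValueError as err:
            print("rejected:", err)
```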