The Monday 2008-03-10 at 17:21 +0100, Ludwig Nussel wrote:
> FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
>
> Provided that your network interface is in the external zone this should work fine.
There is a problem. I tried to set that line on my system, and on firewall reload I get an error:

nimrodel:~ # SuSEfirewall2
SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
SuSEfirewall2: Warning: no default firewall zone defined, assuming 'ext'
SuSEfirewall2: Firewall customary rules loaded from /etc/sysconfig/scripts/SuSEfirewall2-custom
SuSEfirewall2: batch committing...
SuSEfirewall2: Firewall rules successfully set
nimrodel:~ # jstar /etc/sysconfig/SuSEfirewall2
nimrodel:~ # SuSEfirewall2
SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
SuSEfirewall2: Warning: no default firewall zone defined, assuming 'ext'
SuSEfirewall2: Firewall customary rules loaded from /etc/sysconfig/scripts/SuSEfirewall2-custom
SuSEfirewall2: batch committing...
ip6tables-batch v1.3.8: Couldn't load match `recent':/usr/lib/iptables/libip6t_recent.so: cannot open shared object file: No such file or directory
Try `ip6tables-batch -h' or 'ip6tables-batch --help' for more information.
SuSEfirewall2: Error: ip6tables-batch failed, re-running using ip6tables
ip6tables v1.3.8: Couldn't load match `recent':/usr/lib/iptables/libip6t_recent.so: cannot open shared object file: No such file or directory
Try `ip6tables -h' or 'ip6tables --help' for more information.
ip6tables v1.3.8: Couldn't load match `recent':/usr/lib/iptables/libip6t_recent.so: cannot open shared object file: No such file or directory
Try `ip6tables -h' or 'ip6tables --help' for more information.
SuSEfirewall2: Firewall rules successfully set
nimrodel:~ # locate libip6t_recent
nimrodel:~ # uname -a
Linux nimrodel 2.6.22.17-0.1-default #1 SMP 2008/02/10 20:01:04 UTC i686 i686 i386 GNU/Linux

If "libip6t_recent.so" is missing from the kernel, it won't work, no? Or is that only for IP version 6?
Anyway, running "SuSEfirewall2 status" here shows:

    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW recent: UPDATE seconds: 60 hit_count: 3 TTL-Match name: ssh side: source
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW recent: SET name: ssh side: source
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22

His output is not the same as mine:

    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp dpt:22 state NEW recent: CHECK seconds: 60 hit_count: 3 name: ssh side: source LOG flags 6 level 4 prefix `SFW2-INext-DROPr '
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW recent: UPDATE seconds: 60 hit_count: 3 TTL-Match name: ssh side: source
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-ACC '
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW recent: SET name: ssh side: source
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22

Whatever it is, it doesn't work. I tried logging in from another computer on my network (external interface), and I see the connections without the firewall closing them.
Mar 10 23:39:17 nimrodel sshd[26164]: error: PAM: User not known to the underlying authentication module for illegal user pepon from telperion.valinor
Mar 10 23:39:20 nimrodel sshd[26164]: error: PAM: User not known to the underlying authentication module for illegal user pepon from telperion.valinor
Mar 10 23:39:20 nimrodel sshd[26164]: error: PAM: User not known to the underlying authentication module for illegal user pepon from telperion.valinor
Mar 10 23:39:26 nimrodel sshd[26169]: error: PAM: User not known to the underlying authentication module for illegal user pepon from telperion.valinor
Mar 10 23:39:29 nimrodel syslog-ng[3792]: last message repeated 2 times
Mar 10 23:39:29 nimrodel sshd[26174]: error: PAM: User not known to the underlying authentication module for illegal user pepon from telperion.valinor
Mar 10 23:39:33 nimrodel syslog-ng[3792]: last message repeated 2 times
Mar 10 23:39:33 nimrodel sshd[26179]: error: PAM: User not known to the underlying authentication module for illegal user pepon from telperion.valinor
Mar 10 23:39:36 nimrodel syslog-ng[3792]: last message repeated 2 times
Mar 10 23:39:36 nimrodel sshd[26184]: error: PAM: User not known to the underlying authentication module for illegal user pepon from telperion.valinor
Mar 10 23:39:39 nimrodel syslog-ng[3792]: last message repeated 2 times
Mar 10 23:39:39 nimrodel sshd[26189]: error: PAM: User not known to the underlying authentication module for illegal user pepon from telperion.valinor
Mar 10 23:39:42 nimrodel syslog-ng[3792]: last message repeated 2 times
Mar 10 23:39:42 nimrodel sshd[26194]: error: PAM: User not known to the underlying authentication module for illegal user pepon from telperion.valinor
Mar 10 23:39:45 nimrodel syslog-ng[3792]: last message repeated 2 times
Mar 10 23:39:45 nimrodel sshd[26199]: error: PAM: User not known to the underlying authentication module for illegal user pepon from telperion.valinor
Mar 10 23:39:49 nimrodel syslog-ng[3792]: last message repeated 2 times
Mar 10 23:39:49 nimrodel sshd[26204]: error: PAM: User not known to the underlying authentication module for illegal user pepon from telperion.valinor
Mar 10 23:39:52 nimrodel syslog-ng[3792]: last message repeated 2 times
Mar 10 23:39:52 nimrodel sshd[26209]: error: PAM: User not known to the underlying authentication module for illegal user pepon from telperion.valinor
Mar 10 23:40:18 nimrodel syslog-ng[3792]: last message repeated 2 times

All in the same minute, and the firewall doesn't act. Looking at the output of iptables I see:

nimrodel:~ # iptables --list --verbose | grep "recent\|\:22"
   13   780 ACCEPT     tcp  --  any    any     telperion.valinor    anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:22
    0     0 ACCEPT     tcp  --  any    any     dyna1.valinor        anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:22
    0     0 DROP       tcp  --  any    any     anywhere             anywhere            tcp dpt:22 state NEW recent: UPDATE seconds: 60 hit_count: 3 TTL-Match name: ssh side: source
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:22 state NEW recent: SET name: ssh side: source
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:22
nimrodel:~ #

-- 
Cheers,
       Carlos E. R.
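As an added example, not part of the original post and not SuSEfirewall2's own code: a small Python model of iptables first-match chain evaluation together with the xt_recent --set / --update bookkeeping (a source is matched by --update --seconds 60 --hitcount 3 only when it already has three stamps inside the window, and a non-matching --update leaves the list untouched), replayed over the SSH connections in the log above. Assumptions made for the example: one NEW TCP connection per sshd[pid] in the log (the three 23:39:20 lines of pid 26164 are retries on one connection), the hostnames and the year, and the rule descriptions used as counter labels; the rule order is the one shown by "iptables --list --verbose" above, where two per-host ACCEPT rules precede the recent rules.

```python
from datetime import datetime, timedelta

# Example simulation (not from the original post or SuSEfirewall2): first-match
# chain evaluation plus the xt_recent SET/UPDATE semantics, replayed over the
# NEW SSH connections seen in the sshd log above.

SECONDS, HITCOUNT = 60, 3  # blockseconds=60, hitcount=3 from the config line

# Constructed from the log lines above, one NEW connection per sshd[pid]
# (assumption: each pid is one TCP connection; the year is assumed).
LOG_CONNECTIONS = [
    ("telperion.valinor", "2008-03-10 23:39:17"),
    ("telperion.valinor", "2008-03-10 23:39:26"),
    ("telperion.valinor", "2008-03-10 23:39:29"),
    ("telperion.valinor", "2008-03-10 23:39:33"),
    ("telperion.valinor", "2008-03-10 23:39:36"),
    ("telperion.valinor", "2008-03-10 23:39:39"),
    ("telperion.valinor", "2008-03-10 23:39:42"),
    ("telperion.valinor", "2008-03-10 23:39:45"),
    ("telperion.valinor", "2008-03-10 23:39:49"),
    ("telperion.valinor", "2008-03-10 23:39:52"),
]


class RecentTable:
    """Minimal model of one xt_recent list (the kernel exposes the real one
    under /proc/net/xt_recent/<name> or, on older kernels, /proc/net/ipt_recent)."""

    def __init__(self):
        self.stamps = {}  # source address -> list of packet timestamps

    def set(self, src, now):
        # --set: unconditionally record this packet for the source and match.
        self.stamps.setdefault(src, []).append(now)
        return True

    def update(self, src, now, seconds, hitcount):
        # --update --seconds S --hitcount N: match only if the source is already
        # listed with at least N stamps inside the last S seconds. The entry is
        # refreshed only when the rule matched, so a non-matching UPDATE leaves
        # the list alone and the SET rule further down records the first N hits.
        old = self.stamps.get(src)
        if old is None:
            return False
        window = now - timedelta(seconds=seconds)
        hits = sum(1 for t in old if t >= window)
        if hits >= hitcount:
            old.append(now)  # the dropped attempt extends the block
            return True
        return False


def build_chain(trusted_hosts, recent):
    """Rules in the order of the 'iptables --list --verbose' output above.
    Each rule is (label, match); match returns a target name or None, and the
    first rule returning a target wins, as in a real iptables chain."""
    rules = []
    for host in trusted_hosts:  # the per-host ACCEPT rules listed first
        rules.append((f"ACCEPT from {host} dpt:22",
                      lambda src, now, h=host: "ACCEPT" if src == h else None))
    rules.append(("DROP dpt:22 NEW recent: UPDATE seconds: 60 hit_count: 3 name: ssh",
                  lambda src, now: "DROP" if recent.update(src, now, SECONDS, HITCOUNT) else None))
    rules.append(("ACCEPT dpt:22 NEW recent: SET name: ssh",
                  lambda src, now: "ACCEPT" if recent.set(src, now) else None))
    rules.append(("ACCEPT dpt:22", lambda src, now: "ACCEPT"))
    return rules


def replay(connections, trusted_hosts=()):
    """Run every NEW connection through the chain. Returns the verdict list and
    a per-rule hit count (the 'pkts' column of iptables --list --verbose)."""
    recent = RecentTable()
    chain = build_chain(trusted_hosts, recent)
    counters = [0] * len(chain)
    verdicts = []
    for src, stamp in connections:
        now = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        for i, (_, match) in enumerate(chain):
            target = match(src, now)
            if target is not None:
                counters[i] += 1
                verdicts.append(target)
                break
    return verdicts, {label: n for (label, _), n in zip(chain, counters)}


if __name__ == "__main__":
    for trusted in ((), ("telperion.valinor", "dyna1.valinor")):
        verdicts, counters = replay(LOG_CONNECTIONS, trusted)
        print(f"per-host rules for {trusted or 'none'}: "
              f"{verdicts.count('DROP')} of {len(verdicts)} connections dropped")
        for label, n in counters.items():
            print(f"  {n:4d} {label}")
```

With the two per-host ACCEPT rules in front, every connection from telperion.valinor is taken by the first rule and the counters of the recent rules stay at 0, which is the pattern in the iptables output above; with those rules absent, the fourth connection inside 60 seconds from the same source is dropped, and because the DROP rule uses --update each further attempt refreshes the entry, so the source is released only once fewer than three stamps remain in the window.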