On Saturday 22 November 2008 09:53:54 medwinz wrote:
On Sat, Nov 22, 2008 at 4:49 PM, Bob Williams
wrote: On Saturday 22 November 2008 08:43:14 Carlos E. R. wrote:
On Saturday, 2008-11-22 at 00:52 -0600, David C. Rankin wrote:
What is that automated Block??? package that updates your hosts.deny file if you have x attempts in y minutes from an IP?
You can use the automated block mechanism included in susefirewall. Simply activate it.
-- Cheers, Carlos E. R.
Carlos, can you give chapter & verse on where to find the automated block mechanism, please? It's early morning and I'm not feeling very clever :(
I've also been getting the attacks that David describes, mostly from addresses in China, but once from Brazil. But maybe they've been spoofed?
Bob
This lines taken from /etc/sysconfig/SuSEfirewall2
## Type: string ## Default: # # Services to allow. This is a more generic form of FW_SERVICES_{IP,UDP,TCP} # and more specific than FW_TRUSTED_NETS # # Format: space separated list of net,protocol[,dport[,sport[,flags]]] # Example: "0/0,tcp,22" # # Supported flags are # hitcount=NUMBER : ipt_recent --hitcount parameter # blockseconds=NUMBER : ipt_recent --seconds parameter # recentname=NAME : ipt_recent --name parameter # Example: # Allow max three ssh connects per minute from the same IP address: # "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh" # # The special value _rpc_ is recognized as protocol and means that dport is # interpreted as rpc service name. See FW_SERVICES_EXT_RPC for # details. #
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentna me=ssh"
medwinz
--
Yogi Berra - "I never said most of the things I said."
Thanks medwinz, I'll take a look at that. Bob -- Registered Linux User #463880 FSFE Member #1300 GPG-FP: A6C1 457C 6DBA B13E 5524 F703 D12A FB79 926B 994E openSUSE 11.0, Kernel 2.6.25.18-0.2-default, KDE 4.1.3 Intel Celeron 2.53GHz, 2GB DDR RAM, nVidia GeForce 7600GS -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org