Otto Rodusek wrote:
Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thursday, 2010-06-10 at 01:06 +0800, Otto Rodusek wrote:
I've read the docs and have modified /etc/sysconfig/SuSEfirewall2 (FW_SERVICES_ACCEPT_EXT="0/0,tcp,22") to (FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=5,blockseconds=60,recentname=ssh").
If I check my logs I can still see that MANY sshd login attempts still happen within the 60 seconds.
Make sure you don't open ssh somewhere else; FW_SERVICES_EXT_*, FW_TRUSTED_NETS take precedence over FW_SERVICES_ACCEPT_EXT.
- -- Cheers, Carlos E. R.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux)
iEYEARECAAYFAkwPzI0ACgkQtTMYHG2NR9WcMgCcDxT81UtsXe8SIO4LUZ4h+yeg ilwAn1Uzwg03hS+r74yd6Ct/T2PhZB0+ =mRHe -----END PGP SIGNATURE----- Hi Carlos,
Ah I see - ok I'll check that out, make the required mods and then re-test. I'll post back if all is fine. Thanks. Otto. Hi,
Ok re-checked SuSEfirewall2 and the only ocurrance of FW_SERVICES_EXT_*, FW_TRUSTED_NETS (as suggested by Carlos) were: 455:# and more specific than FW_TRUSTED_NETS 539:FW_TRUSTED_NETS="" 282:FW_SERVICES_EXT_TCP="10000 10001 1723 20 47" 296:FW_SERVICES_EXT_UDP="" 313:FW_SERVICES_EXT_IP="gre" 333:FW_SERVICES_EXT_RPC="" 354:# see comments for FW_SERVICES_EXT_TCP 359:# see comments for FW_SERVICES_EXT_UDP 364:# see comments for FW_SERVICES_EXT_IP 369:# see comments for FW_SERVICES_EXT_RPC 379:# see comments for FW_SERVICES_EXT_TCP 384:# see comments for FW_SERVICES_EXT_UDP 389:# see comments for FW_SERVICES_EXT_IP 394:# see comments for FW_SERVICES_EXT_RPC 410:# interpreted as rpc service name. See FW_SERVICES_EXT_RPC for 436:# interpreted as rpc service name. See FW_SERVICES_EXT_RPC for 469:# interpreted as rpc service name. See FW_SERVICES_EXT_RPC for 472:# Note1: keep in mind that FW_SERVICES_EXT_TCP, FW_SERVICES_EXT_UDP 1087:# FW_SERVICES_EXT_IP="esp" 1088:# FW_SERVICES_EXT_UDP="isakmp" So the script is still clean (as per Carlos) but the sshd per minute is still LOTS!!! Hopefully got another cure!!! Thanks. Otto. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org