Arthur DiSegna wrote:
Have you looked at the Denyhosts program?
http://denyhosts.sourceforge.net/
ad^2
-----Original Message----- From: Otto Rodusek
Reply-to: otto@applied.com.sg To: opensuse-security@opensuse.org Subject: [opensuse-security] Howto restrict number of sshd sessions per minute Date: Thu, 10 Jun 2010 01:06:59 +0800 Hi ListMates,
I'm trying to resolve a problem with Susefirewall2 that I've had for some time and I'm hoping to get a resolution if possible. I'm trying this on a Dell Server T110 using opensuse linux 11.2 - uname: Linux bunyip 2.6.31.12-0.2-desktop #1 SMP PREEMPT 2010-03-16 21:25:39 +0100 i686 i686 i386 GNU/Linux.
I'm trying to restrict the number of sshd login attempts to only 5 per minute and no more.
I've read the docs and have modified /etc/sysconfig/SuSEfirewall2 (FW_SERVICES_ACCEPT_EXT="0/0,tcp,22") to (FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=5,blockseconds=60,recentname=ssh").
If I check my logs I can still see that MANY sshd login attempts still happen within the 60 seconds. I have installed a perl program to catch and firewall those culprits BUT I would still like to know why the above code doesn't seem to work. Have I forgotten to edit something else? Any help would be much appreciated.
If it helps, below is the result of the iptables -L - maybe someone can spot something here?
Again much thanks for any help in this area.
Hi Arthur, Thanks for your feedback. Yes I'm very familiar with denyhosts as well as a couple of other solutions. I am using a perl solution for the moment. However I consider this a "bandage" fix (sort of...) - I feel that iptables should work as advertised and I'd really like to learn why in this case it doesn't. I agree that a product like denyhosts is a really good idea and should be used regardless but I'd also like to know why iptables doesn't behave and are there other instances where iptables "misbehaves" or am I just doing something wrong. Again, thanks for your feedback. Best regards. Otto. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org