Otto Rodusek wrote:
Carlos E. R. wrote:
On Thursday, 2010-06-10 at 01:06 +0800, Otto Rodusek wrote:
I've read the docs and have modified /etc/sysconfig/SuSEfirewall2 (FW_SERVICES_ACCEPT_EXT="0/0,tcp,22") to (FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=5,blockseconds=60,recentname=ssh").
If I check my logs I can still see that MANY sshd login attempts still happen within the 60 seconds.
Make sure you don't open ssh somewhere else; FW_SERVICES_EXT_*, FW_TRUSTED_NETS take precedence over FW_SERVICES_ACCEPT_EXT.
--
Cheers, Carlos E. R.
Hi Carlos,
Ah I see - ok I'll check that out, make the required mods and then re-test. I'll post back if all is fine. Thanks. Otto.

Hi,
Ok re-checked SuSEfirewall2 and the only occurrences of FW_SERVICES_EXT_*, FW_TRUSTED_NETS (as suggested by Carlos) were:

455:# and more specific than FW_TRUSTED_NETS
539:FW_TRUSTED_NETS=""

282:FW_SERVICES_EXT_TCP="10000 10001 1723 20 47"
296:FW_SERVICES_EXT_UDP=""
313:FW_SERVICES_EXT_IP="gre"
333:FW_SERVICES_EXT_RPC=""
354:# see comments for FW_SERVICES_EXT_TCP
359:# see comments for FW_SERVICES_EXT_UDP
364:# see comments for FW_SERVICES_EXT_IP
369:# see comments for FW_SERVICES_EXT_RPC
379:# see comments for FW_SERVICES_EXT_TCP
384:# see comments for FW_SERVICES_EXT_UDP
389:# see comments for FW_SERVICES_EXT_IP
394:# see comments for FW_SERVICES_EXT_RPC
410:# interpreted as rpc service name. See FW_SERVICES_EXT_RPC for
436:# interpreted as rpc service name. See FW_SERVICES_EXT_RPC for
469:# interpreted as rpc service name. See FW_SERVICES_EXT_RPC for
472:# Note1: keep in mind that FW_SERVICES_EXT_TCP, FW_SERVICES_EXT_UDP
1087:# FW_SERVICES_EXT_IP="esp"
1088:# FW_SERVICES_EXT_UDP="isakmp"

So the script is still clean (as per Carlos) but the sshd per minute is still LOTS!!! Hopefully got another cure!!! Thanks. Otto.

Hi,
Hmmm...another follow up to Carlos' email got me searching and I found 3 additional references to sshd:

FW_CONFIGURATIONS_EXT="apache2 apache2-ssl postfix samba-client samba-server sshd vsftpd"
FW_CONFIGURATIONS_DMZ="sshd"
FW_CONFIGURATIONS_INT="sshd"
# Allow max three ssh connects per minute from the same IP address:
# "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=5,blockseconds=60,recentname=ssh"

I'm not sufficiently savvy with iptables & SuSEfirewall2 but could one or more of the above lines be causing the problem? Thanks. Otto.
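
A check for the situation discussed in this thread, as an added example that is not part of any poster's message or of SuSEfirewall2 itself: it reads a sysconfig file and reports every setting that could open tcp/22 outside the rate-limited FW_SERVICES_ACCEPT_EXT rule. Treating `sshd` in FW_CONFIGURATIONS_EXT as opening the port without the limit is this example's assumption (the thread leaves that question open); the function name, finding labels and sample file are constructed.

```shell
#!/bin/sh
# Added example: find settings that open tcp/22 outside the rate-limited
# FW_SERVICES_ACCEPT_EXT rule. Variable names are the ones quoted in the thread.

# Constructed sample: the values Otto posted, reduced to the relevant variables.
sample_config() {
cat <<'EOF'
FW_SERVICES_EXT_TCP="10000 10001 1723 20 47"
FW_TRUSTED_NETS=""
FW_CONFIGURATIONS_EXT="apache2 apache2-ssl postfix samba-client samba-server sshd vsftpd"
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=5,blockseconds=60,recentname=ssh"
EOF
}

# audit_ssh_ratelimit FILE: print one finding per line; exit status 1 if any.
audit_ssh_ratelimit() (
    # Runs in a subshell: the sysconfig file is plain shell assignments, so it
    # can be sourced without leaking variables into the caller.
    FW_SERVICES_EXT_TCP= FW_TRUSTED_NETS= FW_CONFIGURATIONS_EXT= FW_SERVICES_ACCEPT_EXT=
    . "$1" || exit 2
    findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    limited=no
    for rule in $FW_SERVICES_ACCEPT_EXT; do
        case "$rule" in *,tcp,22,*hitcount=*) limited=yes ;; esac
    done
    if [ "$limited" = no ]; then
        report "NO_RATELIMIT: FW_SERVICES_ACCEPT_EXT has no hitcount rule for tcp/22"
    fi
    for port in $FW_SERVICES_EXT_TCP; do
        case "$port" in 22|ssh) report "OPEN_ELSEWHERE: FW_SERVICES_EXT_TCP lists $port" ;; esac
    done
    for svc in $FW_CONFIGURATIONS_EXT; do
        # Assumption: the "sshd" service definition opens tcp/22 with no limit.
        if [ "$svc" = sshd ]; then
            report "OPEN_ELSEWHERE: FW_CONFIGURATIONS_EXT lists sshd"
        fi
    done
    if [ -n "$FW_TRUSTED_NETS" ]; then
        report "REVIEW: FW_TRUSTED_NETS is set ($FW_TRUSTED_NETS)"
    fi
    [ "$findings" -eq 0 ]
)

cfg=$(mktemp) && sample_config > "$cfg"
audit_ssh_ratelimit "$cfg" || echo "=> tcp/22 may bypass the hitcount rule"
rm -f "$cfg"
```

Port ranges in FW_SERVICES_EXT_TCP are not expanded by this check; only the literal entries `22` and `ssh` are matched.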