[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: blocking brute force attempts using iptables

I don't follow... that is not my entire ruleset, but everything for the brute force is there..

On Fri, Oct 17, 2008 at 8:21 PM, Pascal Hambourg <pascal.mail@plouf.fr.eu.org> wrote:

Stephen Vaughan a écrit :

I have a ruleset which works for blocking brute force attempts on port 21,
but I'm not sure how to open port 21 without exluding the rules, ie:

# default

# when this rule is enabled it doesn't go any further since it's a match, so
how do I get it to allow the port to be open, but also run through the brute
force tables?
$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT

$IPTABLES -A FTP2 -p tcp -m tcp --dport 21 -m state --state NEW -j FTPNEW
$IPTABLES -A FTP2 -m recent --set --name FTPBLOCK --rsource
$IPTABLES -A FTP2 -j LOG --log-prefix "FTP BRUTE FORCE: " --log-level 6
$IPTABLES -A FTPBF -p tcp -m tcp --dport 21 -j DROP
$IPTABLES -A FTPNEW -m recent --rcheck --name FTPBLOCK --rsource -j FTPBF
$IPTABLES -A FTPNEW -m recent --set --name FTP --rsource
$IPTABLES -A FTPNEW -m recent --update --seconds 120 --hitcount 6 --name FTP
--rsource -j FTP2

You are not giving us the full picture. How are these chains called ?

[Be aware that the 'recent' match can be circumvented or abused to cause a DoS. You might consider using tools based on authentication failure such as fail2ban instead.]

To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Best Regards,

Reply to: