
Re: blocking brute force attempts using iptables
ok correction, this is the proper ruleset:

# user-defined chains have to exist before rules can be appended to them
$IPTABLES -N FTPNEW
$IPTABLES -N FTP2
$IPTABLES -N FTPBF

# INPUT hands every NEW connection to port 21 to FTPNEW
$IPTABLES -A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j FTPNEW

# FTP2: the address went over the limit; remember it, log it, drop it
$IPTABLES -A FTP2 -m recent --set --name FTPBLOCK --rsource
$IPTABLES -A FTP2 -j LOG --log-prefix "FTP BRUTE FORCE: " --log-level 6
$IPTABLES -A FTP2 -j DROP

# FTPBF: the address is already on the block list; drop silently
$IPTABLES -A FTPBF -p tcp -m tcp --dport 21 -j DROP

# FTPNEW: already blocked? -> FTPBF; otherwise count the attempt and
# send the 6th NEW connection within 120 seconds to FTP2
$IPTABLES -A FTPNEW -m recent --rcheck --name FTPBLOCK --rsource -j FTPBF
$IPTABLES -A FTPNEW -m recent --set --name FTP --rsource
$IPTABLES -A FTPNEW -m recent --update --seconds 120 --hitcount 6 --name FTP --rsource -j FTP2

The first rule is different, so again, this doesn't open port 21. Where do I need to place a rule like --dport 21 -j ACCEPT?

On Sat, Oct 18, 2008 at 12:57 AM, Pascal Hambourg <pascal.mail@plouf.fr.eu.org> wrote:
Stephen Vaughan wrote:
I don't follow... that is not my entire ruleset, but everything for the brute force is there.

No it's not. In order to be effective, user-defined chains have to be called by another rule from a built-in chain (INPUT, OUTPUT, FORWARD...), and I do not see such a rule here.



--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org




--
Best Regards,
Stephen

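The following is an added example, not Stephen's script or anything from the thread: the same three-chain recent-module ruleset, with the pieces the thread turns on made explicit. The chains are created with -N before anything jumps to them, FTPNEW is hooked into INPUT, and an ACCEPT sits at the end of FTPNEW so that a NEW connection that passes both checks is actually admitted. Two things are assumptions of this example rather than facts from the thread: a BLOCK_SECONDS expiry on the FTPBLOCK check (the posted rcheck has no --seconds, so an address stays blocked until its entry ages out of the recent list), and an existing ESTABLISHED,RELATED rule in INPUT that carries the return traffic. The IPTABLES variable can be pointed at echo for a dry run.

```shell
#!/bin/sh
# FTP brute-force throttling with xt_recent. Added example, not the
# original poster's script. Chain names and thresholds follow the thread;
# BLOCK_SECONDS and the ESTABLISHED,RELATED assumption are this example's own.
IPTABLES="${IPTABLES:-iptables}"
FTP_PORT="${FTP_PORT:-21}"
WINDOW_SECONDS="${WINDOW_SECONDS:-120}"  # count NEW connections inside this window
HITCOUNT="${HITCOUNT:-6}"                # the 6th NEW connection in the window trips the block
BLOCK_SECONDS="${BLOCK_SECONDS:-600}"    # assumed: how long a tripped address stays blocked

apply_ftp_rules() {
    # User-defined chains must exist before rules can jump to them.
    $IPTABLES -N FTPNEW
    $IPTABLES -N FTP2
    $IPTABLES -N FTPBF

    # FTP2: the address exceeded the limit. Put it on the block list, log once, drop.
    $IPTABLES -A FTP2 -m recent --set --name FTPBLOCK --rsource
    $IPTABLES -A FTP2 -j LOG --log-prefix "FTP BRUTE FORCE: " --log-level 6
    $IPTABLES -A FTP2 -j DROP

    # FTPBF: the address is already blocked. Drop without logging again.
    $IPTABLES -A FTPBF -p tcp -m tcp --dport "$FTP_PORT" -j DROP

    # FTPNEW: every NEW connection to the FTP port lands here.
    # 1. Still on the block list (tripped within BLOCK_SECONDS)? Drop.
    #    --rcheck does not refresh the timestamp, so retries do not extend the block.
    $IPTABLES -A FTPNEW -m recent --rcheck --seconds "$BLOCK_SECONDS" --name FTPBLOCK --rsource -j FTPBF
    # 2. Record this attempt for the source address.
    $IPTABLES -A FTPNEW -m recent --set --name FTP --rsource
    # 3. HITCOUNT attempts within WINDOW_SECONDS? Hand the address to FTP2.
    $IPTABLES -A FTPNEW -m recent --update --seconds "$WINDOW_SECONDS" --hitcount "$HITCOUNT" --name FTP --rsource -j FTP2
    # 4. Otherwise admit the connection. This is the rule the post asks about:
    #    it belongs after the checks, at the end of FTPNEW (or in INPUT right
    #    after the jump below), never in INPUT before the jump, where it would
    #    bypass the checks entirely.
    $IPTABLES -A FTPNEW -j ACCEPT

    # Hook the chain into a built-in chain. Return packets of the accepted
    # connection are assumed to be matched by an existing ESTABLISHED,RELATED rule.
    $IPTABLES -A INPUT -p tcp -m tcp --dport "$FTP_PORT" -m state --state NEW -j FTPNEW
}

# Usage: "sh ftp-bruteforce.sh apply" as root to load the rules, or
# "IPTABLES=echo sh ftp-bruteforce.sh apply" to print them without touching the kernel.
if [ "${1:-}" = "apply" ]; then
    apply_ftp_rules
fi
```

If INPUT already ends in a catch-all DROP, the final rule has to be inserted above it (-I with a position) rather than appended, or the jump is never reached. The current contents of either list can be inspected or cleared through /proc/net/xt_recent/FTP and /proc/net/xt_recent/FTPBLOCK.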