OK, correction, this is the proper ruleset:
$IPTABLES -A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j FTPNEW
$IPTABLES -A FTP2 -m recent --set --name FTPBLOCK --rsource
$IPTABLES -A FTP2 -j LOG --log-prefix "FTP BRUTE FORCE: " --log-level 6
$IPTABLES -A FTP2 -j DROP
$IPTABLES -A FTPBF -p tcp -m tcp --dport 21 -j DROP
$IPTABLES -A FTPNEW -m recent --rcheck --name FTPBLOCK --rsource -j FTPBF
$IPTABLES -A FTPNEW -m recent --set --name FTP --rsource
$IPTABLES -A FTPNEW -m recent --update --seconds 120 --hitcount 6 --name FTP --rsource -j FTP2
The first rule is different, so again: this doesn't open port 21. Where do I need to place a rule like --dport 21 -j ACCEPT?
On Sat, Oct 18, 2008 at 12:57 AM, Pascal Hambourg
<pascal.mail@plouf.fr.eu.org> wrote:
> Stephen Vaughan wrote:
>> I don't follow... that is not my entire ruleset, but everything for the
>> brute force is there.
> No it's not. In order to be effective, user-defined chains have to be called by another rule from a built-in chain (INPUT, OUTPUT, FORWARD...), and I do not see such a rule here.
--
Best Regards,
Stephen
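As an added example (not part of the thread and not Stephen's script), here is the same brute-force throttle wired up completely: chain creation, the jump from the built-in INPUT chain that Pascal points out must exist, and one common placement for the ACCEPT that the question asks about, namely as the last rule of FTPNEW, so a new connection that is neither on the block list nor over the limit is accepted there. The chain names, port and 6-hits-in-120-seconds window are taken from the posted rules; the ESTABLISHED,RELATED rule and the dry-run default (IPTABLES set to "echo iptables" so the script prints rules instead of applying them) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the thread's own ruleset. By default IPTABLES is
# "echo iptables", so running this only prints the rules (dry run);
# set IPTABLES=/sbin/iptables and run as root to apply them.
IPTABLES="${IPTABLES:-echo iptables}"

ftp_rules() {
    # Chains must exist before rules can be appended to them.
    $IPTABLES -N FTPNEW
    $IPTABLES -N FTP2
    $IPTABLES -N FTPBF

    # Built-in chain: packets of connections already accepted pass, and
    # every NEW connection to port 21 is handed to FTPNEW. Without this
    # jump from INPUT the user-defined chains are never consulted.
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j FTPNEW

    # FTP2: the source exceeded the limit; remember it in FTPBLOCK, log, drop.
    $IPTABLES -A FTP2 -m recent --set --name FTPBLOCK --rsource
    $IPTABLES -A FTP2 -j LOG --log-prefix "FTP BRUTE FORCE: " --log-level 6
    $IPTABLES -A FTP2 -j DROP

    # FTPBF: the source is on the block list; drop.
    $IPTABLES -A FTPBF -p tcp -m tcp --dport 21 -j DROP

    # FTPNEW: already blocked -> FTPBF. Otherwise record this attempt in the
    # FTP list and, on the 6th new connection within 120 s from the same
    # source, jump to FTP2. A packet reaching the end of a user-defined chain
    # returns to the calling chain (INPUT here), so the ACCEPT for legitimate
    # new connections is placed as the last rule of FTPNEW.
    $IPTABLES -A FTPNEW -m recent --rcheck --name FTPBLOCK --rsource -j FTPBF
    $IPTABLES -A FTPNEW -m recent --set --name FTP --rsource
    $IPTABLES -A FTPNEW -m recent --update --seconds 120 --hitcount 6 --name FTP --rsource -j FTP2
    $IPTABLES -A FTPNEW -j ACCEPT
}

# Count generated rules matching a pattern (used for sanity checks in dry-run mode).
count_rules() {
    ftp_rules | grep -c -- "$1"
}

ftp_rules
```

In dry-run mode the script prints the rules in the order they would be added, which makes it easy to confirm that the ACCEPT sits after the rcheck and update rules rather than before them; placed earlier in FTPNEW it would short-circuit the counting, and placed in INPUT before the FTPNEW jump it would bypass the throttle entirely.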