
Re: iptable: --seconds



On 12/04/2005 05:10 PM, Gerhard Kroder wrote:
> Hi,
> 
> I want to stop sshd account testing by scripties with the following
> iptables/bash script, but it won't do what I thought. On a sarge test
> host with 2 aliased NICs (eth0:1 and eth0:2), this script loads
> correctly and it drops connections with --hitcount 3 correctly (the client
> gets a timeout, sshd gets no connection/log), but it doesn't allow login
> again after --seconds 120. No error or logging, only "Connection timed out"
> when I try to ssh into those aliased interfaces. Login on eth0 always
> works OK.
> 
> 
> <---cut--->
> #!/bin/bash
> IPT=/sbin/iptables
> 
> #OPT="--verbose"
> OPT=""
> 
> ## IPs changed
> ip_if1=192.168.10.11
> ip_if2=192.168.10.12
> 
> ## just for testing: flush old rules
> $IPT --flush
> 
> ## call ipt for all hosts in list
> for ip in $ip_if1 $ip_if2; do
>   # record every new SSH connection attempt to this address
>   $IPT $OPT -A INPUT -p tcp --dport 22 -i eth0 -d $ip -m state --state NEW \
>     -m recent --set
>   # log once 3 attempts have been seen within 120 seconds ...
>   $IPT $OPT -A INPUT -p tcp --dport 22 -i eth0 -d $ip -m state --state NEW \
>     -m recent --update --seconds 120 --hitcount 3 -j LOG
>   # ... and drop them
>   $IPT $OPT -A INPUT -p tcp --dport 22 -i eth0 -d $ip -m state --state NEW \
>     -m recent --update --seconds 120 --hitcount 3 -j DROP
> done
> <---cut--->
> 
> No other rules are active, i.e. the defaults are "allow" (this is a test setup...).
> Can you help me? Any hints?
> 
> Gerhard

Install the fail2ban package, or search debian-user archives for further
discussions.

Ralph
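To see why the lockout in the quoted script can outlast --seconds 120, here is an added example (not code from the thread) that models the -m recent bookkeeping in Python and runs the poster's rule order and a check-first order over a constructed timeline. The model follows the documented semantics (--set always records a timestamp; --rcheck counts recorded stamps within --seconds and matches at --hitcount; --update additionally records a stamp when it matches); RecentTable, the chain functions, TIMELINE and the client name "c" are hypothetical.

```python
from collections import deque

IP_PKT_LIST_TOT = 20        # xt_recent default ring size per address
SECONDS, HITCOUNT = 120, 3  # the values used in the quoted rules

class RecentTable:
    """Simplified model of one -m recent list: a timestamp ring per source."""
    def __init__(self):
        self.stamps = {}  # src -> deque of SYN arrival times (seconds)

    def set(self, src, now):
        # --set: always record this packet (creates the entry if needed)
        self.stamps.setdefault(src, deque(maxlen=IP_PKT_LIST_TOT)).append(now)

    def rcheck(self, src, now):
        # --rcheck --seconds S --hitcount N: count stamps no older than S
        hits = sum(1 for t in self.stamps.get(src, ()) if t >= now - SECONDS)
        return hits >= HITCOUNT

    def update(self, src, now):
        # --update: like --rcheck, but records another stamp when it matches
        matched = self.rcheck(src, now)
        if matched:
            self.set(src, now)
        return matched

def posters_chain(table, src, now):
    """Rule order of the quoted script: --set, --update -j LOG, --update -j DROP."""
    table.set(src, now)                 # rule 1 records every NEW SYN
    table.update(src, now)              # rule 2 (-j LOG does not terminate)
    return "DROP" if table.update(src, now) else "ACCEPT"   # rule 3

def check_first_chain(table, src, now):
    """Hypothetical alternative: --rcheck ... -j DROP placed before --set."""
    if table.rcheck(src, now):
        return "DROP"                   # dropped SYNs leave no new stamp
    table.set(src, now)
    return "ACCEPT"

def verdicts(timeline, chain):
    """Run a constructed list of (time, src) SYNs through one rule order."""
    table = RecentTable()
    return [chain(table, src, t) for t, src in timeline]

# Constructed timeline, made-up client "c": a burst of three, then retries 50-80 s apart.
TIMELINE = [(0, "c"), (10, "c"), (20, "c"), (100, "c"), (150, "c"), (225, "c")]

if __name__ == "__main__":
    print("poster's order:", verdicts(TIMELINE, posters_chain))
    print("check-first:   ", verdicts(TIMELINE, check_first_chain))
```

In the poster's order every dropped retry adds fresh stamps, so a client that keeps trying every minute or so never gets out of the 120 s window; with the check placed first, dropped SYNs leave no stamp and the window runs from the last accepted attempts.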


