Re: iptable: --seconds
On 12/04/2005 05:10 PM, Gerhard Kroder wrote:
> Hi,
>
> i want to stop sshd account testing by scripties witht the followoing
> iptables/bash script, but it won't do what i thougt. On a sarge test
> host with 2 aliased nic (eth0:1 and eth0:2), this script loads
> correctly, it drops connections with --hitcount 3 correctly (client gets
> timeout, sshd gets no connection/log), but doesn't get back for login
> after --seconds 120. No error or logging, only "Connection timed out"
> when i try to ssh into that aliased interfaces. login on eth0 always
> works ok.
>
>
> <---cut--->
> #!/bin/bash
> IPT=/sbin/iptables
>
> #OPT="--verbose"
> OPT=""
>
> ## ip's changed ip_if1=192.168.10.11
> ip_if2=192.168.10.12
>
> ## just for testing: flush old rules
> $IPT --flush
>
> ## call ipt for all hostst in list
> for ip in $ip_if1 $ip_if2 do
> $IPT $OPT -A INPUT -p tcp --dport 22 -i eth0 -d $ip -m state --state NEW
> -m recent --set
> $IPT $OPT -A INPUT -p tcp --dport 22 -i eth0 -d $ip -m state --state NEW
> -m recent --update --seconds 120 --hitcount 3 -j LOG
> $IPT $OPT -A INPUT -p tcp --dport 22 -i eth0 -d $ip -m state --state NEW
> -m recent --update --seconds 120 --hitcount 3 -j DROP
> done
> <--cut--->
>
> No other rules are active rsp. defautls to "allow" (is a testing...).
> Can you help me? Any hints?
>
> Gerhard
Install the fail2ban package, or search debian-user archives for further
discussions.
Ralph
Reply to: