
Re: iptable: --seconds



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Gerhard Kroder wrote:
> Hi,
> 
> I want to stop sshd account testing by scripties with the following
> iptables/bash script, but it won't do what I thought.  On a sarge test
> host with 2 aliased nic (eth0:1 and eth0:2), this script loads
> correctly, it drops connections with --hitcount 3 correctly (client gets
> timeout, sshd gets no connection/log), but doesn't get back for login
> after --seconds 120. No error or logging, only "Connection timed out"
> when I try to ssh into those aliased interfaces. Login on eth0 always
> works ok.

Unfortunately the ipt_recent netfilter maintainer is no longer fixing
bugs in this module and there are several known problems which are
outstanding. The upstream Netfilter people intend to mark this module as
BROKEN or EXPERIMENTAL in 2.6.16 if a new maintainer is not found[1].
This is unfortunate, because this is a fun solution to this problem.
Hopefully it will get fixed soon.

micah


1. http://lists.netfilter.org/pipermail/netfilter-devel/2005-December/022696.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDnE149n4qXRzy1ioRArhPAKCYEU/SKwwRfzljT27Kz1uSi1k0BACfT7WO
Uc7QncTDIWsd30sySzyusBg=
=SBsq
-----END PGP SIGNATURE-----


