Re: iptable: --seconds
-----BEGIN PGP SIGNED MESSAGE-----
Gerhard Kroder wrote:
> i want to stop sshd account testing by scripties witht the followoing
> iptables/bash script, but it won't do what i thougt. On a sarge test
> host with 2 aliased nic (eth0:1 and eth0:2), this script loads
> correctly, it drops connections with --hitcount 3 correctly (client gets
> timeout, sshd gets no connection/log), but doesn't get back for login
> after --seconds 120. No error or logging, only "Connection timed out"
> when i try to ssh into that aliased interfaces. login on eth0 always
> works ok.
Unfortunately the ipt_recent netfilter maintainer is no longer fixing
bugs in this module and there are several known problems which are
outstanding. The upstream Netfilter people intend to mark this module as
BROKEN or EXPERIMENTAL in 2.6.16 if a new maintainer is not found.
This is unfortunate, because this is an fun solution to this problem.
Hopefully it will get fixed soon.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
-----END PGP SIGNATURE-----