
Re: DenyHosts



Well, I thought I was doing so well. I discover now that no one,
including me, can get into my system any more via ssh. Here are the
current iptables rules:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 16 --hashlimit-mode srcip --hashlimit-name ssh --hashlimit-htable-expire 60000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 16 --hashlimit-mode srcip --hashlimit-name ssh --hashlimit-htable-expire 60000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 16 --hashlimit-mode srcip --hashlimit-name ssh --hashlimit-htable-expire 60000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 16 --hashlimit-mode srcip --hashlimit-name ssh --hashlimit-htable-expire 60000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 16 --hashlimit-mode srcip --hashlimit-name ssh --hashlimit-htable-expire 60000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 16 --hashlimit-mode srcip --hashlimit-name ssh --hashlimit-htable-expire 60000 -j ACCEPT
COMMIT

What'd I do?
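
An added example, not part of the original message: a simplified first-match walk of the two distinct rules in the listing above, showing which rule decides the fate of the first packet of a new SSH connection, with the swapped order for comparison. The function names, the constructed packets and the under_limit switch (standing in for the hashlimit state) are assumptions of this sketch, which models only the matches these rules use.

```python
import shlex

# The two distinct rules from the post, in posted order (each repeats there).
DROP_SYN = "-A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP"
RATE_ACCEPT = ("-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW "
               "-m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 16 "
               "--hashlimit-mode srcip --hashlimit-name ssh "
               "--hashlimit-htable-expire 60000 -j ACCEPT")
POSTED = [DROP_SYN, RATE_ACCEPT]

def parse(line):
    """Pull out only the matches this ruleset uses (simplified model)."""
    tok = shlex.split(line)
    def arg(flag, n=1):
        return tok[tok.index(flag) + n] if flag in tok else None
    has_flags = "--tcp-flags" in tok
    return {
        "dport": int(arg("--dport")),
        "mask": set(arg("--tcp-flags").split(",")) if has_flags else None,
        "want": set(arg("--tcp-flags", 2).split(",")) if has_flags else None,
        "ctstate": arg("--ctstate"),
        "hashlimit": "hashlimit" in tok,
        "target": arg("-j"),
    }

def matches(rule, pkt, under_limit):
    if rule["dport"] != pkt["dport"]:
        return False
    # --tcp-flags MASK COMP: of the flags in MASK, exactly those in COMP are set.
    if rule["mask"] is not None and (pkt["flags"] & rule["mask"]) != rule["want"]:
        return False
    if rule["ctstate"] and pkt["ctstate"] not in rule["ctstate"].split(","):
        return False
    # Assumption: under_limit stands in for the per-source hashlimit bucket.
    return under_limit or not rule["hashlimit"]

def verdict(lines, pkt, under_limit=True, policy="ACCEPT"):
    """Return (rule number, target) of the first match; 0 means chain policy."""
    for n, line in enumerate(lines, 1):
        rule = parse(line)
        if matches(rule, pkt, under_limit):
            return n, rule["target"]
    return 0, policy

# Constructed packets: first packet of a new SSH connection, and a later one.
FIRST_SYN = {"dport": 22, "flags": {"SYN"}, "ctstate": "NEW"}
LATER_ACK = {"dport": 22, "flags": {"ACK"}, "ctstate": "ESTABLISHED"}

if __name__ == "__main__":
    print("posted order, new connection:", verdict(POSTED, FIRST_SYN))
    print("swapped order, under limit:  ", verdict(POSTED[::-1], FIRST_SYN))
    print("swapped order, over limit:   ", verdict(POSTED[::-1], FIRST_SYN, False))
```

In the posted order the DROP rule is the first match for every new connection, so the rate-limited ACCEPT below it is never reached.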

