Re: DenyHosts

To: debian <debian-user@lists.debian.org>
Subject: Re: DenyHosts
From: Steve Matzura <number6@noisynotes.com>
Date: Sat, 16 Jan 2016 16:07:17 -0500
Message-id: <[🔎] r0cl9bp2g6sj7g9ol4b4116aoi5gtkp11q@4ax.com>
In-reply-to: <[🔎] 20160116234957.233200579d29f63a5d8a15fe@gmail.com>
References: <[🔎] vapi9b9ifknfu2rdddiu2lq35nqrdqmqop@4ax.com> <[🔎] 20160116015538.0d9f3ac269af947e278d7696@gmail.com> <[🔎] eekj9bhpmen1fu7j9lm0lk9c6s9i5dttq2@4ax.com> <[🔎] 20160116125730.c046d3c4e2cca4a07564a5ab@gmail.com> <[🔎] 0rdk9bhj30km53h74mkbonnqorehka2k98@4ax.com> <[🔎] 20160116161515.adc7cdb4e80e5bfd8bb901a9@gmail.com> <[🔎] e71l9bl0jc2eh7hm10r9brk7gp2sl058ac@4ax.com> <[🔎] 20160116234957.233200579d29f63a5d8a15fe@gmail.com>

Reco:

On Sat, 16 Jan 2016 23:49:57 +0300, you wrote:

>Reverse the order of these two rules. As I wrote in another part of this
>thread, I mistook rules' sequence.

Like this?

iptables -I INPUT -p tcp --dport 22 --tcp-flags SYN,RST,ACK SYN \
        -j DROP
iptables -I INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
        -m hashlimit --hashlimit 1/hour --hashlimit-burst 16 \
        --hashlimit-mode srcip --hashlimit-name ssh \
        --hashlimit-htable-expire 60000 -j ACCEPT

Reply to:

References:
- DenyHosts
  - From: Steve Matzura <sm@noisynotes.com>
- Re: DenyHosts
  - From: Reco <recoverym4n@gmail.com>
- Re: DenyHosts
  - From: Steve Matzura <number6@noisynotes.com>
- Re: DenyHosts
  - From: Reco <recoverym4n@gmail.com>
- Re: DenyHosts
  - From: Steve Matzura <number6@noisynotes.com>
- Re: DenyHosts
  - From: Reco <recoverym4n@gmail.com>
- Re: DenyHosts
  - From: Steve Matzura <sm@noisynotes.com>
- Re: DenyHosts
  - From: Reco <recoverym4n@gmail.com>

Prev by Date: Re: Mounting a Windows Share
Next by Date: Re: DenyHosts
Previous by thread: Re: DenyHosts
Next by thread: Re: DenyHosts
Index(es):
- Date
- Thread