Re: DenyHosts

To: debian <debian-user@lists.debian.org>
Subject: Re: DenyHosts
From: Steve Matzura <number6@noisynotes.com>
Date: Sat, 16 Jan 2016 16:11:56 -0500
Message-id: <[🔎] rfcl9btlf1f9l7v8jae44nk3slt8fhkihv@4ax.com>
In-reply-to: <[🔎] 20160116234854.12947fb86d606880f9acabff@gmail.com>
References: <[🔎] vapi9b9ifknfu2rdddiu2lq35nqrdqmqop@4ax.com> <[🔎] rotk9b14hn23irkeln66cjqa944qc7hvre@4ax.com> <[🔎] 20160116201628.f2fbcb470791e8849215d2de@gmail.com> <[🔎] na0l9bh1utc0d7goit817mst8kaceqv0k4@4ax.com> <[🔎] 20160116234854.12947fb86d606880f9acabff@gmail.com>

Reco:

On Sat, 16 Jan 2016 23:48:54 +0300, you wrote:

>Correct sequence would be:
>
>iptables -F INPUT
>iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
>	-m hashlimit --hashlimit 1/hour --hashlimit-burst 16 \
>	--hashlimit-mode srcip --hashlimit-name ssh \
>	--hashlimit-htable-expire 60000 -j ACCEPT
>iptables -A INPUT -p tcp --dport 22 --tcp-flags SYN,RST,ACK SYN \
>	-j DROP

OK, got it perfect now. THANKS!

Reply to:

References:
- DenyHosts
  - From: Steve Matzura <sm@noisynotes.com>
- Re: DenyHosts
  - From: Steve Matzura <sm@noisynotes.com>
- Re: DenyHosts
  - From: Reco <recoverym4n@gmail.com>
- Re: DenyHosts
  - From: Steve Matzura <number6@noisynotes.com>
- Re: DenyHosts
  - From: Reco <recoverym4n@gmail.com>

Prev by Date: Re: DenyHosts
Next by Date: Re: eagle-lin64-7.5.0.run, won't
Previous by thread: Re: DenyHosts
Next by thread: [HITB-Announce] #HITB2016AMS Capture the Flag: Culinary Tour de Force - Registration now open
Index(es):
- Date
- Thread