I don't know of any reason why iptables recent should not work. The AIF "ssh-brute-force-protection" plugin uses iptables recent, but I have never tested or used it. Take a look at /usr/share/arno-iptables-firewall/plugins/50ssh-brute-force-protection.plugin and see if you are doing about the same thing.
AstLinux includes an AIF "adaptive-ban" plugin (exclusive to AstLinux) that works similarly to fail2ban, supporting asterisk, sshd and mini_httpd, which has been extensively tested within AstLinux. A better solution, IMHO.

Lonnie

On Feb 3, 2011, at 7:17 PM, [email protected] wrote:

> is the iptables recent module being blocked or inhibited somehow by astlinux?
>
> it is a most useful resource for detecting, counting inbound access attempts over a time interval, and eliminating multiple attacks from any given port or protocol, as I should imagine most of the users here should (emphasis SHOULD) already know....
>
> kernel module inspection shows that it is present....
>
> we use our own iptables settings -- anyone who understands security would not do anything less without complete and independently verifiable and regression tested results from any proposed solution... so anything arno is disabled presently...
>
> new connections that meet the recent module criteria for setting their IP address in the file table seem to be completely ignored, as are (of course, given the preceding) the conditions to automatically drop further packets from the given undesirable IP
>
> do you have thousands of ssh or sip-5060 attacks when you use astlinux?
>
> if so, they could be prevented, but somehow it is not allowed.
>
> why is this?
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Compuquest, Inc. www.compuquestinc.com
> Tel: 630-405-0740 Fax: 773-782-5228
>
> Since 1983 Innovative Technology Solutions
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> _______________________________________________
> Astlinux-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to [email protected].
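The set-then-drop pattern described in the quoted message, as an added example that is not part of the original thread and is not AstLinux or AIF code. The INPUT chain, the list names SSH and SIP, the ports and the thresholds are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment that tracks NEW
# connections per source IP with the "recent" match and drops sources
# that exceed a hit count inside a time window.
# Assumed values: INPUT chain, list names, ports, thresholds.

# recent_rules PROTO PORT LISTNAME SECONDS HITCOUNT
recent_rules() {
    proto=$1 port=$2 list=$3 secs=$4 hits=$5
    # Rule 1: record the source address of each NEW packet in the named
    # list. It has no target, so the packet continues to rule 2.
    printf '%s\n' "-A INPUT -p $proto --dport $port -m state --state NEW -m recent --name $list --set"
    # Rule 2: if the source has HITCOUNT or more hits within SECONDS,
    # refresh its entry and drop the packet. --update keeps a source
    # blocked for as long as it keeps retrying.
    printf '%s\n' "-A INPUT -p $proto --dport $port -m state --state NEW -m recent --name $list --update --seconds $secs --hitcount $hits -j DROP"
}

# Full fragment for the two services named in the thread.
# -A appends, so an earlier rule in INPUT that already accepts this
# traffic is evaluated first and these rules never see the packet.
recent_ruleset() {
    echo '*filter'
    recent_rules tcp 22 SSH 60 4
    recent_rules udp 5060 SIP 60 10
    echo 'COMMIT'
}

# Nothing is changed unless --apply is given (requires root).
# --noflush leaves the existing ruleset in place.
if [ "${1:-}" = "--apply" ]; then
    recent_ruleset | iptables-restore --noflush
fi
```

After applying, `iptables -L INPUT -v -n` shows per-rule packet counters, which tell you whether traffic is reaching the two rules at all.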
