I don't follow... that is not my entire ruleset, but everything for the brute force is there.

On Fri, Oct 17, 2008 at 8:21 PM, Pascal Hambourg <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Stephen Vaughan wrote:
>> I have a ruleset which works for blocking brute force attempts on port 21,
>> but I'm not sure how to open port 21 without excluding the rules, ie:
>>
>> # default
>> $IPTABLES -P INPUT DROP
>>
>> # when this rule is enabled it doesn't go any further since it's a match,
>> # so how do I get it to allow the port to be open, but also run through
>> # the brute force tables?
>> $IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT
>>
>> $IPTABLES -N FTP2
>> $IPTABLES -N FTPBF
>> $IPTABLES -N FTPNEW
>> $IPTABLES -A FTP2 -p tcp -m tcp --dport 21 -m state --state NEW -j FTPNEW
>> $IPTABLES -A FTP2 -m recent --set --name FTPBLOCK --rsource
>> $IPTABLES -A FTP2 -j LOG --log-prefix "FTP BRUTE FORCE: " --log-level 6
>> $IPTABLES -A FTP2 -j DROP
>> $IPTABLES -A FTPBF -p tcp -m tcp --dport 21 -j DROP
>> $IPTABLES -A FTPNEW -m recent --rcheck --name FTPBLOCK --rsource -j FTPBF
>> $IPTABLES -A FTPNEW -m recent --set --name FTP --rsource
>> $IPTABLES -A FTPNEW -m recent --update --seconds 120 --hitcount 6 --name FTP --rsource -j FTP2
>
> You are not giving us the full picture. How are these chains called?
>
> [Be aware that the 'recent' match can be circumvented or abused to cause a
> DoS. You might consider using tools based on authentication failure such as
> fail2ban instead.]

--
Best Regards,
Stephen
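The layout Pascal is asking about, written out as an added example (this is not Stephen's ruleset or anything else posted in the thread): port 21 gets no unconditional ACCEPT in INPUT; instead every NEW connection to it is handed to a user chain that runs the recent-based counting and then ACCEPTs or DROPs. Chain names (FTPNEW, FTPBF), list names (FTP, FTPBLOCK), the thresholds (six new connections per 120 seconds, 600-second block), the rate-limited LOG and the reliance on nf_conntrack_ftp for RELATED data connections are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the ruleset from the thread: keep port 21 reachable while
# every NEW connection still passes through the recent-based limiter.
# Chain names (FTPNEW, FTPBF), list names (FTP, FTPBLOCK) and the thresholds
# (6 new connections per 120 s -> 600 s block) are assumptions for illustration.
# Preview without touching the kernel:  IPTABLES=echo sh ftp-bf.sh apply
IPTABLES=${IPTABLES:-iptables}

build_ftp_rules() {
    $IPTABLES -P INPUT DROP

    # Packets of already-accepted sessions (and RELATED data connections,
    # when nf_conntrack_ftp is loaded) never reach the limiter, so only the
    # connection attempt itself is counted.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    for chain in FTPNEW FTPBF; do
        $IPTABLES -N "$chain" 2>/dev/null || true   # create if missing
        $IPTABLES -F "$chain"                        # start empty on re-run
    done

    # The answer to the original question: there is no "--dport 21 -j ACCEPT"
    # in INPUT. New FTP connections are handed to FTPNEW, which decides.
    $IPTABLES -A INPUT -p tcp --dport 21 -m state --state NEW -j FTPNEW

    # FTPNEW: sources already in FTPBLOCK are dropped for 600 s; --update
    # refreshes their timestamp, so the block lasts while they keep trying.
    $IPTABLES -A FTPNEW -m recent --name FTPBLOCK --update --seconds 600 --rsource -j DROP
    # Record this attempt, then test whether it is the 6th within 120 s.
    $IPTABLES -A FTPNEW -m recent --name FTP --set --rsource
    $IPTABLES -A FTPNEW -m recent --name FTP --update --seconds 120 --hitcount 6 --rsource -j FTPBF
    # Under the threshold: this is where the port is actually opened.
    $IPTABLES -A FTPNEW -j ACCEPT

    # FTPBF: put the source on the block list, log (rate-limited), drop.
    $IPTABLES -A FTPBF -m recent --name FTPBLOCK --set --rsource
    $IPTABLES -A FTPBF -m limit --limit 3/min -j LOG --log-prefix "FTP BRUTE FORCE: " --log-level 6
    $IPTABLES -A FTPBF -j DROP
}

# Only load the rules when explicitly asked; sourcing the file just defines
# the function, which is also what makes the dry run above possible.
if [ "${1:-}" = apply ]; then
    build_ftp_rules
fi
```

Run it as root with `sh ftp-bf.sh apply`, or with `IPTABLES=echo` in front to print the rules instead of loading them and check the order. The ordering is the whole point: ESTABLISHED,RELATED is accepted before the limiter so only connection attempts are counted, and the ACCEPT for port 21 lives at the end of FTPNEW, after the recent checks, rather than in INPUT. Pascal's caveat still applies to this version: recent counts per source address, so an attacker who can send SYNs with a spoofed source (or who sits behind the same NAT as legitimate users) can get someone else's address blocked, and an attacker spreading attempts across many addresses stays under the threshold; it counts connections, not failed logins, which is why a log-driven tool such as fail2ban is the usual alternative.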

