On 12/04/2005 05:10 PM, Gerhard Kroder wrote:
> Hi,
>
> I want to stop sshd account testing by scripties with the following
> iptables/bash script, but it won't do what I thought. On a sarge test
> host with 2 aliased NICs (eth0:1 and eth0:2), this script loads
> correctly, it drops connections with --hitcount 3 correctly (client gets
> timeout, sshd gets no connection/log), but doesn't get back for login
> after --seconds 120. No error or logging, only "Connection timed out"
> when I try to ssh into those aliased interfaces. Login on eth0 always
> works ok.
>
>
> <---cut--->
> #!/bin/bash
> IPT=/sbin/iptables
>
> #OPT="--verbose"
> OPT=""
>
> ## ip's changed
> ip_if1=192.168.10.11
> ip_if2=192.168.10.12
>
> ## just for testing: flush old rules
> $IPT --flush
>
> ## call ipt for all hosts in list
> for ip in $ip_if1 $ip_if2
> do
>   ## record every new connection to port 22 in the recent list
>   $IPT $OPT -A INPUT -p tcp --dport 22 -i eth0 -d $ip -m state --state NEW \
>     -m recent --set
>   ## log the 3rd and later new connection within 120 seconds
>   $IPT $OPT -A INPUT -p tcp --dport 22 -i eth0 -d $ip -m state --state NEW \
>     -m recent --update --seconds 120 --hitcount 3 -j LOG
>   ## drop the 3rd and later new connection within 120 seconds
>   $IPT $OPT -A INPUT -p tcp --dport 22 -i eth0 -d $ip -m state --state NEW \
>     -m recent --update --seconds 120 --hitcount 3 -j DROP
> done
> <--cut--->
>
> No other rules are active rsp. defaults to "allow" (is a testing...).
> Can you help me? Any hints?
>
> Gerhard
Install the fail2ban package, or search debian-user archives for further discussions.

Ralph
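A small Python model of how the three rules in the quoted script interact, added here as an illustration and not part of the thread. It assumes the matching semantics of the current xt_recent module, which may differ from the kernel on the poster's sarge host; `RecentList`, `filter_syn` and `verdicts` are hypothetical names, and the source address and timelines are constructed.

```python
# Toy model of the iptables "recent" match for the three rules in the script.
# Assumed semantics (current xt_recent): --set always records a timestamp;
# --update matches when >= hitcount timestamps fall within the last `seconds`,
# and only then records another timestamp.

class RecentList:
    def __init__(self, max_stamps=20):  # assumed default of ip_pkt_list_tot
        self.stamps = {}                # source IP -> list of timestamps
        self.max_stamps = max_stamps

    def _record(self, src, now):
        entry = self.stamps.setdefault(src, [])
        entry.append(now)
        del entry[:-self.max_stamps]    # keep only the newest timestamps

    def set(self, src, now):
        self._record(src, now)
        return True

    def update(self, src, now, seconds, hitcount):
        recent = [t for t in self.stamps.get(src, []) if now - t <= seconds]
        matched = len(recent) >= hitcount
        if matched:
            self._record(src, now)      # a matching --update refreshes the entry
        return matched


def filter_syn(rl, src, now, seconds=120, hitcount=3):
    """Run one NEW SYN to port 22 through the three rules, in order."""
    rl.set(src, now)                            # rule 1: --set, no target
    rl.update(src, now, seconds, hitcount)      # rule 2: -j LOG (non-terminating)
    if rl.update(src, now, seconds, hitcount):  # rule 3: -j DROP
        return "DROP"
    return "ACCEPT"                             # falls through to the policy


def verdicts(times, src="203.0.113.5"):  # constructed source address
    rl = RecentList()
    return [filter_syn(rl, src, t) for t in times]


if __name__ == "__main__":
    # Constructed timelines, in seconds since the first connection attempt.
    print(verdicts([0, 10, 20, 141]))            # client stays quiet > 120 s
    print(verdicts([0, 10, 20, 100, 200, 400]))  # client keeps retrying
```

Under these assumptions every dropped SYN renews the 120-second window, so a source is admitted again only after it has been silent for more than 120 seconds since its last dropped packet.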

