Sorry for the late reply, I only saw this msg. now...

Gerhard Kroder ([EMAIL PROTECTED]) wrote on 4 December 2005 23:07:
> I want to stop sshd account testing by scripties with the
> following iptables/bash script, but it won't do what I thought. On
> a sarge test host with 2 aliased NICs (eth0:1 and eth0:2), this
> script loads correctly, it drops connections with --hitcount 3
> correctly (client gets timeout, sshd gets no connection/log), but
> doesn't get back for login after --seconds 120. No error or logging,
> only "Connection timed out" when I try to ssh into those aliased
> interfaces. Login on eth0 always works ok.
>
> <---cut--->
> #!/bin/bash
> IPT=/sbin/iptables
>
> #OPT="--verbose"
> OPT=""
>
> ## ip's changed
> ip_if1=192.168.10.11
> ip_if2=192.168.10.12
>
> ## just for testing: flush old rules
> $IPT --flush
>
> ## call ipt for all hosts in list
> for ip in $ip_if1 $ip_if2
> do
> $IPT $OPT -A INPUT -p tcp --dport 22 -i eth0 -d $ip -m state --state NEW -m recent --set
> $IPT $OPT -A INPUT -p tcp --dport 22 -i eth0 -d $ip -m state --state NEW -m recent --update --seconds 120 --hitcount 3 -j LOG
> $IPT $OPT -A INPUT -p tcp --dport 22 -i eth0 -d $ip -m state --state NEW -m recent --update --seconds 120 --hitcount 3 -j DROP
> done

Perhaps you could try this:

$ipt -A FORWARD -i $ethEXT -p tcp --syn -m state --state NEW -d $sshserv --dport 22 -m recent --name ssh --set
$ipt -A FORWARD -i $ethEXT -p tcp --syn -m state --state NEW -d $sshserv --dport 22 -m recent --name ssh --rcheck --seconds 60 --hitcount 6 -j limitassh

and in the limitassh queue:

$ipt -A limitassh -j LOG --log-prefix "limitassh: "
$ipt -A limitassh -j DROP

I used another queue to avoid checking twice in a time-dependent rule.
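The reply's two FORWARD rules and the limitassh chain, assembled into a complete script as an added example (this is not the poster's or the replier's code). It assumes the firewall sits in front of the SSH server, as the reply's use of FORWARD implies (on the server itself, as in the original question, the rules would go into INPUT instead), and it creates the limitassh chain with -N before anything jumps to it, which the reply leaves implicit. eth0 and 192.168.10.11 are assumed sample values; the 60-second window and hitcount of 6 are the reply's. By default the script only prints the iptables commands it would run; pass --apply to execute them.

```shell
#!/bin/sh
# Added example: one --set rule, one time-dependent --rcheck rule, and a
# separate chain for LOG+DROP so the recent list is consulted only once.
ethEXT="${ethEXT:-eth0}"                 # assumed external interface
sshserv="${sshserv:-192.168.10.11}"      # constructed sample SSH server address
IPT="${IPT:-/sbin/iptables}"
APPLY=0                                  # 0 = print commands, 1 = run them

# ipt_cmd: echo the command in dry-run mode, execute it in apply mode
ipt_cmd() {
    if [ "$APPLY" = "1" ]; then
        "$IPT" "$@"
    else
        echo "$IPT $*"
    fi
}

build_limitassh() {
    # The helper chain must exist before a rule can jump to it
    ipt_cmd -N limitassh
    ipt_cmd -A limitassh -j LOG --log-prefix "limitassh: "
    ipt_cmd -A limitassh -j DROP
    # Record every new SYN towards the SSH server in the "ssh" list ...
    ipt_cmd -A FORWARD -i "$ethEXT" -p tcp --syn -m state --state NEW \
        -d "$sshserv" --dport 22 -m recent --name ssh --set
    # ... and send the 6th and later SYNs seen within 60 s from one source
    # to limitassh; --rcheck does not refresh the entry, --set above does.
    ipt_cmd -A FORWARD -i "$ethEXT" -p tcp --syn -m state --state NEW \
        -d "$sshserv" --dport 22 -m recent --name ssh --rcheck --seconds 60 --hitcount 6 -j limitassh
}

# rule_count: number of commands the builder emits in dry-run mode
rule_count() {
    ( APPLY=0; build_limitassh ) | wc -l | tr -d ' '
}

if [ "$1" = "--apply" ]; then
    APPLY=1
fi
build_limitassh
```

Running it without arguments shows the five commands in order; the -N line must precede the -j limitassh rule or iptables rejects the jump to a nonexistent chain. Because the --set rule runs before --rcheck, a source that keeps sending SYNs keeps adding entries and stays in the list; a source that stops sending drops out once its last entry is older than 60 seconds.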

