On 2010-03-09 21:07:42 -0800, Terry Barnum wrote: > > On Fri, 05.03.2010 at 09:44:35 +0000, Ed W <[email protected]> wrote: > >> I would be all in favour of a setting like this because it's easier > >> to configure than fail2ban... > > There's also denyhosts. <http://denyhosts.sourceforge.net/>
http://snowman.net/projects/ipt_recent/ for ssh i use: iptables -A input_ext -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force attack " iptables -A input_ext -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP iptables -A input_ext -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT really nice iptables module darix -- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org
