Hi, I have implemented it on my Fedora servers.

This is the iptables that I use; it would need to go into
/etc/rc.d/rc.firewall


# This rejects ssh attempts more than twice in 180 seconds...
# First, mark attempts as part of the "sshattack" group...
iptables -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
# Optional: Include this line if you want to log these attacks...
iptables -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack \
    --rcheck --seconds 180 --hitcount 3 -j LOG --log-prefix "SSH REJECT: "
# Finally, reject the connection if more than two attempts are made in
# 180 seconds...
iptables -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack \
    --rcheck --seconds 180 --hitcount 3 -j REJECT --reject-with tcp-reset

I'll have a look later today or tomorrow and see if I can add it. You
can mail me off the list (greg at ct-net dot org) to remind me.


On 9/26/07, cpu <[EMAIL PROTECTED]> wrote:
>
> Hi Greg!
>
> I'm interested in enabling this important security feature on my EFW box.
> Please, can you explain to me what and where you have changed in the EFW system?
> Thanks in advance :) !
> Carlo
>
>
>
> Gregory Machin wrote:
> >
> > Hi
> > Anyone else interested in the following:
> > Iptables limit to the number of connections to the ssh port in a given time
> > frame, thus discouraging script kiddies and the like. I currently
> > have added this to my servers, to deter brute force attacks. This
> > could be enabled on the ssh admin page, with an input box for the
> > timeout to be set.
> >
> > Greg
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Microsoft
> > Defy all challenges. Microsoft(R) Visual Studio 2005.
> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > _______________________________________________
> > Efw-user mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/efw-user
> >
> >
>
> --
> View this message in context: 
> http://www.nabble.com/feature-request%2C-for-inclusion-to-firewall-tf4440439.html#a12901467
> Sent from the efw-user mailing list archive at Nabble.com.
>
>
>


-- 
Gregory Machin
[EMAIL PROTECTED]
www.linuxpro.co.za
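
An added example, not part of the original post: a small Python model of how the "sshattack" list from the rules above treats new SSH connections, run over constructed traffic. The addresses, names and timings are assumptions made for illustration; the 20-stamp limit is the xt_recent module default.

```python
from collections import defaultdict

SECONDS = 180      # --seconds 180, from the rules above
HITCOUNT = 3       # --hitcount 3, from the rules above
PKT_LIST_TOT = 20  # xt_recent default ip_pkt_list_tot: stamps kept per source

def simulate(syns, seconds=SECONDS, hitcount=HITCOUNT):
    """Model of the sshattack list. syns: (time_s, source_ip) pairs in time order.
    Returns (time_s, source_ip, verdict); PASS means the SYN falls through
    to the remaining INPUT rules, REJECT means it gets the tcp-reset."""
    if hitcount > PKT_LIST_TOT:
        raise ValueError("hitcount exceeds the stamps kept per source")
    recent = defaultdict(list)
    results = []
    for t, src in syns:
        stamps = recent[src]
        stamps.append(t)             # rule 1: --set records every SYN,
        del stamps[:-PKT_LIST_TOT]   # including ones rejected below
        hits = sum(1 for s in stamps if t - s <= seconds)  # --rcheck --seconds
        results.append((t, src, "REJECT" if hits >= hitcount else "PASS"))
    return results

# Constructed sample traffic (documentation addresses), times in seconds.
USER = "192.0.2.10"       # mistypes twice, is rejected, waits, tries again
SCANNER = "198.51.100.7"  # opens a new connection every 60 s without pause
SLOW = "203.0.113.5"      # paces itself at one new connection every 100 s
SAMPLE = sorted(
    [(t, USER) for t in (0, 20, 40, 230)]
    + [(t, SCANNER) for t in range(0, 360, 60)]
    + [(t, SLOW) for t in range(0, 500, 100)]
)

def verdicts_for(src, syns=SAMPLE):
    """Verdicts for one source address, in time order."""
    return [v for _, s, v in simulate(syns) if s == src]

if __name__ == "__main__":
    for t, src, verdict in simulate(SAMPLE):
        print(f"t={t:>3}s  {src:<13} {verdict}")
```

The scanner stays rejected for as long as it keeps retrying, because rejected SYNs still refresh the list, while the user is let back in once fewer than three of their attempts fall inside the last 180 seconds. The slow source never reaches three hits in a window, so the rules cap the connection rate per address rather than stop a patient guesser.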

