Quoting Chris Shoemaker <[EMAIL PROTECTED]>:

I didn't know about ipt recent.  I've been using:
-A RH-Firewall-1-INPUT -i eth0 -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name sshscans
-A RH-Firewall-1-INPUT -m recent --rcheck --seconds 60 --hitcount 5 --name sshscans -j LOG --log-prefix "SSH attack: "
-A RH-Firewall-1-INPUT -m recent --rcheck --seconds 60 --hitcount 5 --name sshscans -j DROP

Umm, you're using ipt_recent -- -m recent..   It's broken.  I'm surprised
that this works for you.  For me it doesn't.

But I can't say I'm totally satisfied with it.  It seems to interact
poorly with X11 forwarding.

That's one way it's poor.  I've also noticed that it sometimes blocks
ALL ssh inputs.  I haven't figured out how or why, yet.

I've done some searching for a better solution but nothing jumped out.
If you find something that works well, I'd be interested in trying it
out here if you'd share the rules.

I've not found anything better, yet, either.  It was working great in
FC1 on the 2.4 kernel, but ALL my 2.6 kernels have trouble using this.
There was a bug about this in FC and supposedly this is fixed in 2.6.15:

 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=164076

I'm also waiting for an FC4-blessed 2.6.15-1, because it has a vgacon
double-scan fix that's been biting me since 2.6.14.

There's a test kernel available... But I don't want to install a test
RPM on the "production" server.

I honestly have no idea if that's controllable or how.  I'm willing to
make the change if you tell me what I need to change.  Did you try selecting
the side-by-side mode in the changeset viewer?  There's also the
"unified diff" link at the bottom of the changeset.

Oh, I didn't see those.  That's good enough for me.

Ahh, good.  Less work for me.   :)

-chris

-derek

--
      Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
      Member, MIT Student Information Processing Board  (SIPB)
      URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
      [EMAIL PROTECTED]                        PGP key available

_______________________________________________
gnucash-devel mailing list
[email protected]
https://lists.gnucash.org/mailman/listinfo/gnucash-devel
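
Added example, not part of the original thread: a small Python model of how the three posted rules evaluate, assuming they are walked in the order quoted, every packet arrives on eth0, and no earlier rule in the chain has already accepted the packet. The class and function names and the sample traffic are constructed for illustration.

```python
from collections import defaultdict

WINDOW = 60        # --seconds 60
HITCOUNT = 5       # --hitcount 5
PKT_LIST_TOT = 20  # ipt_recent default: timestamps remembered per address


class RecentList:
    """Model of one named ipt_recent list (here: sshscans)."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def set(self, src, now):
        # --set: record a timestamp for this source, keep only the newest
        self.stamps[src] = (self.stamps[src] + [now])[-PKT_LIST_TOT:]

    def rcheck(self, src, now):
        # --rcheck --seconds N --hitcount M: match when at least M recorded
        # timestamps for this source fall inside the last N seconds
        recent = [t for t in self.stamps.get(src, []) if now - t <= WINDOW]
        return len(recent) >= HITCOUNT


def verdict(lst, src, now, dport, new):
    """Walk the three rules in posted order; return 'DROP' or 'CONTINUE'."""
    if dport == 22 and new:      # rule 1: NEW tcp/22 only -> --set
        lst.set(src, now)
    if lst.rcheck(src, now):     # rules 2+3 (LOG, DROP): no port/state match
        return "DROP"
    return "CONTINUE"            # packet falls through to later rules


def replay(packets):
    lst = RecentList()
    return [verdict(lst, *p) for p in packets]


# Constructed traffic: (source, time in seconds, dest port, is NEW connection)
A, B = "192.0.2.10", "198.51.100.7"
SAMPLE = [(A, 0, 22, True), (A, 10, 22, True), (A, 20, 22, True),
          (A, 30, 22, True), (A, 40, 22, True),   # 5th NEW inside 60 s
          (B, 41, 22, True),                      # different source
          (A, 45, 22, False),                     # packet of an open session
          (A, 50, 80, False),                     # unrelated port, same source
          (A, 105, 22, True)]                     # earlier hits have aged out

if __name__ == "__main__":
    for pkt, v in zip(SAMPLE, replay(SAMPLE)):
        print(pkt, v)
```

In this model the fifth new connection inside the window is the first one dropped, and because the two --rcheck rules carry no protocol, port or state match, every other packet from that source is dropped as well until fewer than five hits remain inside the 60 seconds.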
