On 2011/12/30 19:04, MT Julianto wrote:
On 31 December 2011 03:16, jdow <[email protected]> wrote:

    On 2011/12/30 18:05, MT Julianto wrote:

        On 30 December 2011 14:22, jdow <[email protected]>

            This allows me to typo the password. All I have to do is wait a
            couple minutes between tries

        Is it the same as fail2ban with setting: maxretry=1 ?


    I don't know. I learned of fail2ban from the BSD mailing list long after I'd
    learned that iptables trick. I feel more comfortable with the iptables trick
    since it is right there instantly rather than with any log reading delays.
    It even prevents two attempts from the same address if the first one was
    successful, which is not something I've ever wanted to do. It's one less
    piece of software on the system. It means I had to learn iptables a bit.


If I were you, I would do the same :-)  It is always a great pleasure to use our
own tricks and to keep learning about them.


    I learned the trick on one of the Red Hat lists about a decade ago.


I wish to have a chance someday to learn iptables...

There is no present like the time.

I first learned ipchains. I found the Trinity firewall project long ago and
built up some tweaks to their ipchains firewall. Then I had to learn iptables
to keep the goodies I'd built in, like a dedicated hole in the firewall in
case the usual login method failed. I also learned to redirect incoming
connection requests to another machine when I experimented with a little
video streaming on a Windows machine.

It's a little mind-bending at first. But taking working scripts and adapting
them is a good way to learn.

{^_^}
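
The difference discussed in this thread, as an added example that is not from either poster: a simplified Python model of a connection-time throttle (the behaviour described for the iptables trick) next to a log-based ban with maxretry=1. The 120-second window, 5-second log delay, 600-second ban and the sample addresses are assumptions, and the model does not reproduce either tool's exact rules.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Attempt:
    t: int      # seconds since start
    src: str    # source address
    ok: bool    # True if the password typed was correct

def connection_throttle(attempts, window=120):
    """Decide when the connection arrives, before any authentication.
    A source seen less than `window` seconds ago is dropped, whether or
    not its earlier login succeeded."""
    last_seen, verdicts = {}, []
    for a in attempts:
        prev = last_seen.get(a.src)
        verdicts.append(prev is None or a.t - prev >= window)
        last_seen[a.src] = a.t  # assumption: a dropped try restarts the timer
    return verdicts

def log_ban(attempts, maxretry=1, log_delay=5, bantime=600):
    """Decide from the auth log. Only failed logins count, and the ban
    starts `log_delay` seconds after the failure that reaches `maxretry`."""
    failures, ban_from, verdicts = {}, {}, []
    for a in attempts:
        start = ban_from.get(a.src)
        banned = start is not None and start <= a.t < start + bantime
        verdicts.append(not banned)
        if not banned and not a.ok:
            failures[a.src] = failures.get(a.src, 0) + 1
            if failures[a.src] >= maxretry:
                ban_from[a.src] = a.t + log_delay
    return verdicts

# Constructed sample: one host opens two good sessions 30 s apart; another
# typos the password, retries 2 s later, then comes back after 5 minutes.
SAMPLE = [
    Attempt(0, "198.51.100.7", True),
    Attempt(30, "198.51.100.7", True),
    Attempt(100, "192.0.2.10", False),
    Attempt(102, "192.0.2.10", True),
    Attempt(400, "192.0.2.10", True),
]

if __name__ == "__main__":
    rows = zip(SAMPLE, connection_throttle(SAMPLE), log_ban(SAMPLE))
    for a, thr, ban in rows:
        print(f"t={a.t:>3} {a.src:<13} ok={a.ok!s:<5} throttle={thr!s:<5} log_ban={ban}")
```

In this model the throttle drops the second good session and the quick retry but lets the typo user back in after the wait, while the log-based ban lets the quick retry through during the log delay and then keeps that address out for the whole ban time.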
