On 28/12/13 17:57, Eli L. wrote:
> The description for the iptables -m limit rule is incorrect[1], and I don't
> have edit permissions to fix it:
>
> "The first line will accept new connections on port 22 provided that IP
> address hasn't made more than 3 connection attempts in the last minute."
>
> Should read more like:
>
> "The first line will accept new connections on port 22 provided there
> haven't been more than 3 connection attempts across all clients in the last
> minute."
>
> Important distinction as it opens you up to being denied login when anyone
> tries to brute force.
> Might be worth dropping the limit example altogether since the preceding -m
> recent example is far safer.
>
> --
> -Eli
>
>
> [1] Third set of rules on
> http://wiki.centos.org/HowTos/Network/SecuringSSH#head-a296ec93e31637aa349538be07b37f67d836688a
>
>
Many thanks for the feedback.
As you say, that example doesn't really add anything over and above the
first example so as suggested I've removed it.
___
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
