Roberto C. Sanchez wrote:
> Hello,
>
> Currently, I am rate limiting SSH connections to one of my servers,
> (running shorewall 3.2.6) like this:
>
> SSH/ACCEPT net $FW - - - - 1/min:2
>
> Now, I'd like to allow some machines in the net zone to not be rate
> limited. Is this possible? I was thinking something like this:
>
> SSH/ACCEPT net:w.x.y.z/a $FW
> SSH/ACCEPT net $FW - - - - 1/min:2
>
> That way, machines in the w.x.y.z/a IP block match the first rule, which
> has no rate limit, and all others match the rate limited rule. I could
> not find much on this and I am hesitant to experiment with a production
> server without some confirmation that I am headed in the right
> direction.
>

You are headed in the right direction.

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
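An added example, not part of the original thread or of Shorewall itself: a simplified Python model of first-match evaluation for the two rules discussed above, with the `1/min:2` column modeled as a token bucket shared by every source that reaches that rule. The block 192.0.2.0/24 stands in for w.x.y.z/a, and the DROP policy for over-limit traffic, the addresses and the timestamps are assumptions.

```python
import ipaddress

class Rule:
    """One ACCEPT rule: optional source block, optional shared rate limit."""
    def __init__(self, source=None, interval=None, burst=0):
        self.source = ipaddress.ip_network(source) if source else None
        self.interval = interval              # seconds per token; None = no limit
        self.cap = (interval or 0) * burst    # bucket size, in seconds of credit
        self.credit = self.cap                # bucket starts full
        self.last = 0

    def matches(self, src, now):
        if self.source and ipaddress.ip_address(src) not in self.source:
            return False
        if self.interval is None:
            return True
        # Refill by elapsed time, capped at the burst size.
        self.credit = min(self.cap, self.credit + (now - self.last))
        self.last = now
        if self.credit >= self.interval:
            self.credit -= self.interval
            return True
        return False                          # over limit: fall through

def build_rules():
    return [
        Rule(source="192.0.2.0/24"),          # SSH/ACCEPT net:w.x.y.z/a $FW
        Rule(interval=60, burst=2),           # SSH/ACCEPT net $FW - - - - 1/min:2
    ]

def verdict(rules, src, now, policy="DROP"):  # DROP policy is an assumption
    for rule in rules:
        if rule.matches(src, now):
            return "ACCEPT"
    return policy

def replay(events):
    rules = build_rules()
    return [verdict(rules, src, t) for t, src in events]

# Constructed sample: (seconds, source address) of new SSH connection attempts.
EVENTS = [(0, "198.51.100.7"), (1, "198.51.100.7"), (2, "203.0.113.9"),
          (3, "192.0.2.10"), (4, "192.0.2.10"), (5, "192.0.2.10"),
          (62, "203.0.113.9"), (63, "198.51.100.7")]

if __name__ == "__main__":
    for (t, src), v in zip(EVENTS, replay(EVENTS)):
        print(f"t={t:>3}s {src:<14} {v}")
```

In this model the third attempt is dropped even though it comes from a different address, because the bucket belongs to the rule rather than to each source, while attempts from the exempt block match the first rule and never consume a token.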
