Shorewall Guy wrote:
> Roberto C. Sánchez wrote:
>> On Sat, Jan 17, 2009 at 09:06:30AM +0100, Gerhard Engler wrote:
>>> for Interf in $WAN; do
>>> $IPTABLES_BIN -A INPUT -i $Interf -p tcp --dport 22 -m state --state NEW \
>>> -m recent --set --name SSH
>>> $IPTABLES_BIN -A INPUT -i $Interf -p tcp --dport 22 -m state --state NEW \
>>> -m recent --rcheck --seconds 60 --hitcount 4 --rttl --name SSH \
>>> -j REJECT --reject-with tcp-reset
>>> $IPTABLES_BIN -A INPUT -i $Interf -p tcp --dport 22 -m state --state NEW \
>>> -j ACCEPT
>>> done
>>>
>>>
>>> How can I translate this into Shorewall?
>>>
>> SSH/ACCEPT net $FW - - - - 4/min:4
>
> That approach has the disadvantage that legitimate users are blocked out
> during an attack. The Limit builtin action
> (http://www.shorewall.net/PortKnocking.html#Limit) does what the OP is
> asking.
An even better solution (in MY opinion) is to install fail2ban. It watches
the log files and bans the IP addresses that make repeated failed login
attempts. All parameters can be configured, such as number of attempts, ban
time etc.

BR
/Martin
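As an added illustration (my own code, not from any poster in this thread) of why the quoted `4/min:4` rule locks out legitimate users while the per-source `recent` rules do not, here is a Python model of both mechanisms run over a constructed connection log. The addresses and timings are made up, the `--rttl` option is ignored, and the shared bucket is assumed to fall through to a DROP policy when it is empty.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample: (seconds, source) of NEW SSH connections. 198.51.100.7
# hammers the port once a second; 203.0.113.5 is a legitimate user who
# tries once during the attack and once again later.
EVENTS = [(t, "198.51.100.7") for t in range(10)] + [(12, "203.0.113.5"),
                                                     (30, "203.0.113.5")]


def recent_per_source(events, seconds=60, hitcount=4):
    """Model of the quoted iptables rules: '-m recent --set' records every
    NEW connection per source, then '--rcheck --seconds 60 --hitcount 4'
    rejects a source with hitcount timestamps inside the window (the current
    one counts, because --set ran first), so the 4th attempt in 60 s is
    rejected. --rttl and the module's per-entry cap are not modelled."""
    seen = defaultdict(list)  # source -> timestamps, like /proc/net/xt_recent/SSH
    verdicts = []
    for t, src in events:
        seen[src].append(t)
        hits = sum(1 for ts in seen[src] if t - ts <= seconds)
        verdicts.append((t, src, "REJECT" if hits >= hitcount else "ACCEPT"))
    return verdicts


def global_rate_limit(events, per_minute=4, burst=4):
    """Model of the RATE LIMIT column '4/min:4' as one token bucket shared by
    all sources (iptables -m limit): 'burst' tokens, refilled at per_minute/60
    per second, one token per accepted connection. With no token left the
    ACCEPT rule does not match and the packet falls through to the zone
    policy, assumed DROP here."""
    tokens, last, verdicts = Fraction(burst), 0, []
    for t, src in events:
        tokens = min(Fraction(burst), tokens + Fraction(per_minute, 60) * (t - last))
        last = t
        if tokens >= 1:
            tokens -= 1
            verdicts.append((t, src, "ACCEPT"))
        else:
            verdicts.append((t, src, "DROP"))
    return verdicts


def verdicts_for(verdicts, src):
    return [v for _, s, v in verdicts if s == src]


if __name__ == "__main__":
    for name, fn in (("recent", recent_per_source), ("4/min:4", global_rate_limit)):
        v = fn(EVENTS)
        print(f"{name:8} attacker: {verdicts_for(v, '198.51.100.7')}")
        print(f"{name:8} legit:    {verdicts_for(v, '203.0.113.5')}")
```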
