On 10/15/05, Ritesh Raj Sarraf <[EMAIL PROTECTED]> wrote:
> ## SSH Bruteforce
> iptables -N SSH_WHITELIST
> iptables -A SSH_WHITELIST -s 10.0.1.0/24 -m recent --remove --name SSH -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j denylog
>
While this is the best solution I've seen as well, there are some issues with the "recent" module...
http://lists.debian.org/debian-kernel/2005/10/msg00302.html

--
Jiann-Ming Su
"I have to decide between two equally frightening options. If I wanted to do that, I'd vote." --Duckman
"The system's broke, Hank. The election baby has peed in the bath water. You got to throw 'em both out." --Dale Gribble
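To see what the quoted ruleset actually decides, here is an added model (not code from either poster) of the xt_recent --set / --remove / --update semantics walked in the same order as the three INPUT rules, run over constructed connection attempts; the 20-stamp list size, the sample addresses and the omission of --rttl are assumptions.

```python
import ipaddress
from collections import defaultdict, deque

SECONDS, HITCOUNT = 60, 4                        # --seconds 60 --hitcount 4
WHITELIST = ipaddress.ip_network("10.0.1.0/24")  # source matched in SSH_WHITELIST

class RecentTable:
    """Model of one xt_recent list (--name SSH): timestamps per source address.
    Assumption: keeps the last 20 stamps (ip_pkt_list_tot default); --rttl not modelled."""
    def __init__(self, max_stamps=20):
        self.stamps = defaultdict(lambda: deque(maxlen=max_stamps))

    def set(self, src, now):            # --set: add the entry / record another hit
        self.stamps[src].append(now)

    def remove(self, src):              # --remove: forget the address completely
        self.stamps.pop(src, None)

    def update(self, src, now, seconds, hitcount):
        # --update --seconds S --hitcount N: match when the address has at least
        # N hits inside the last S seconds; a match also refreshes the entry.
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= seconds)
        if hits >= hitcount:
            self.stamps[src].append(now)
            return True
        return False

def new_ssh_packet(table, src, now):
    """Verdict of the three INPUT rules for a NEW tcp/22 packet from src at time now."""
    table.set(src, now)                            # rule 1: -m recent --set
    if ipaddress.ip_address(src) in WHITELIST:     # rule 2: -j SSH_WHITELIST
        table.remove(src)
        return "ACCEPT"
    if table.update(src, now, SECONDS, HITCOUNT):  # rule 3: --update ... -j denylog
        return "denylog"
    return "CONTINUE"  # falls through to whatever INPUT does with tcp/22 next

def simulate(attempts):
    """attempts: list of (seconds, src) tuples; returns one verdict per attempt."""
    table = RecentTable()
    return [new_ssh_packet(table, src, t) for t, src in attempts]

if __name__ == "__main__":
    # Constructed sample: a TEST-NET host hammering port 22, then a whitelisted host.
    # The 4th attempt inside 60 s is the first one sent to denylog, and the block
    # persists while the attempts keep coming because each match refreshes the entry.
    attempts = [(t, "203.0.113.7") for t in (0, 10, 20, 30, 40, 120)] + [(0, "10.0.1.5")]
    for (t, src), verdict in zip(attempts, simulate(attempts)):
        print(f"t={t:3d} {src:12} -> {verdict}")
```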