On Tue, Mar 18, 2014 at 10:45:19PM +0100, Anders Jackson wrote:
>
> On 18 Mar 2014 22:18, "Petter Reinholdtsen" <[email protected]> wrote:
> >
> > [Anders Jackson]
> > > This can be done directly by iptables, (but not yet with iptables6 for
> > > ip6tables).
> > >
> > > So I would suggest using a firewall utility instead, like ufw or
> > > shorewall.
> >
> > This sounds interesting. How can iptables know that the login attempt
> > failed? My idea is to block too many failed connections, not "too
> > many" connections, as a script with ssh-agent backing might well
> > connect many times in a short while if the task is right.
>
> Ok, I didn't think about that use case.
> I never used that other than over LAN, not over internet connections. I just
> thought about sftp and ssh terminal connections, which usually are longer.
> To know the difference between missed logins and short valid ssh connections
> you'll need something else than iptables. Something that analyses log files or
> actually knows when login fails.
fail2ban does this: it parses several services' logs (you choose which; by
default only ssh, IIRC) and adds an iptables rule blocking that IP for X
minutes when needed. Well, actually the action (block using iptables) can be
configured, but iptables is an option (the default for ssh too, IIRC :) and it
comes with some pre-defined actions and filters (i.e. to parse several logs
from different daemons).

Thanks,
Rodrigo

_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
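The mechanism the thread converges on (count *failed* sshd logins per source address inside a time window, leave successful scripted connections alone, and only then insert a firewall rule) is easy to show in a few dozen lines. The script below is an added illustration written for this page; it is not fail2ban's code and does not use its API. The jail-style parameter names `maxretry`, `findtime` and `bantime` mirror fail2ban's options, the sample `auth.log` lines are constructed, the year 2014 is assumed because syslog timestamps carry none, and the `iptables ... -j DROP` string is a representative rule of the kind the reply describes (fail2ban's real action manages its own chain), shown rather than executed.

```python
"""Minimal fail2ban-style failed-login detector (added illustration, not fail2ban's own code).

Counts failed sshd logins per source IP within a sliding window and decides
when to ban, so a script that succeeds many times via ssh-agent is never
counted, which plain iptables rate-limiting cannot distinguish.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of OpenSSH auth.log lines (syslog format, no year).
# 203.0.113.7 fails five times in ten seconds; 198.51.100.4 is a scripted
# key-based login that succeeds repeatedly; 192.0.2.9 fails slowly (15 min apart).
SAMPLE_LOG = """\
Mar 18 22:10:01 box sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 18 22:10:03 box sshd[1002]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 18 22:10:04 box sshd[1003]: Accepted publickey for backup from 198.51.100.4 port 40001 ssh2
Mar 18 22:10:05 box sshd[1004]: Accepted publickey for backup from 198.51.100.4 port 40002 ssh2
Mar 18 22:10:06 box sshd[1005]: Accepted publickey for backup from 198.51.100.4 port 40003 ssh2
Mar 18 22:10:07 box sshd[1006]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 18 22:10:09 box sshd[1007]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 18 22:10:10 box sshd[1008]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 18 22:30:00 box sshd[1009]: Failed password for root from 192.0.2.9 port 60000 ssh2
Mar 18 22:45:00 box sshd[1010]: Failed password for root from 192.0.2.9 port 60001 ssh2
Mar 18 23:00:00 box sshd[1011]: Failed password for root from 192.0.2.9 port 60002 ssh2
Mar 18 23:15:00 box sshd[1012]: Failed password for root from 192.0.2.9 port 60003 ssh2
Mar 18 23:30:00 box sshd[1013]: Failed password for root from 192.0.2.9 port 60004 ssh2
"""

# Matches only the sshd failure message; successful logins never match.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


def parse_ts(ts: str, year: int = 2014) -> datetime:
    """Syslog timestamps lack a year; 2014 is an assumption for the sample."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def find_bans(log_text: str, maxretry: int = 5, findtime: int = 600, bantime: int = 600):
    """Return [(ip, ban_start)] for IPs with >= maxretry failures within findtime seconds.

    Parameter names mirror fail2ban's jail options; the defaults are assumed.
    """
    window = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}             # ip -> datetime the ban expires
    bans = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue              # successful logins and other noise do not count
        ip, when = m.group("ip"), parse_ts(m.group("ts"))
        if ip in banned_until and when < banned_until[ip]:
            continue              # already banned; nothing more to do
        q = window[ip]
        q.append(when)
        while q and (when - q[0]).total_seconds() > findtime:
            q.popleft()           # drop failures older than the window
        if len(q) >= maxretry:
            bans.append((ip, when))
            banned_until[ip] = when + timedelta(seconds=bantime)
            q.clear()
    return bans


def ban_command(ip: str) -> str:
    """A representative iptables DROP rule (assumed form; shown, not executed)."""
    return f"iptables -I INPUT -s {ip} -j DROP"


if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG):
        print(f"{when}: ban {ip} -> {ban_command(ip)}")
```

With the defaults only 203.0.113.7 is banned: the repeated successful key logins from 198.51.100.4 never enter the counter, and the slow failures from 192.0.2.9 fall out of the 600-second window before reaching `maxretry`, which is the trade-off `findtime` controls.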
