[nmglug] Iptables script,

Andres Paglayan andres at paglayan.com
Mon Oct 2 07:57:49 PDT 2006


sweet,

On Sep 29, 2006, at 6:09 PM, Mars DeLapp wrote:

> Andres Paglayan wrote:
>> I am looking for a cron script which parses var/log/auth,
>> scans for repeated failed attempts and adds offending IPs to  
>> iptables drop,
>
> I would not do that. After you reach a certain number of failed  
> attempts, you can get locked out of your own system.
>
> A better approach may be to rate limit the connection attempts like this
>
> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
>
> This will drop connection attempts after three failed attempts in  
> one minute. Each future attempt from that same ip address resets  
> the clock for another 60 seconds. The good thing is that if _you_  
> screw up entering your password, you just have to wait for the clock  
> to reset.
>
> see man iptables (look under recent) for more info and
> http://snowman.net/projects/ipt_recent/
> for some more examples.
>
> I have looked at several firewall packages and come to the  
> conclusion that the best way to do a firewall is to study iptables  
> and understand it and write your own rules that fit your situation.
>
> Mars
>
> -- 
> =============================================================
> J. Marsden DeLapp, PE
> President
> DeLapp & Associates, Inc. dba DeLapp Engineering®
> Providing lighting and power planning, design and analysis services
> for commercial, industrial and large residential facilities.
> 1190 Harrison Rd Ste 3
> Santa Fe NM 87507
> (505) 983-5557
> http://DeLapp.com
> =============================================================
>
>
> _______________________________________________
> nmglug mailing list
> nmglug at nmglug.org
> http://www.nmglug.org/mailman/listinfo/nmglug
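The recent-module rate limit quoted above, written up as an added example that is not part of the original thread. It wraps the two rules in a small POSIX shell script with a dry-run default, moves them into a dedicated chain so rule order is explicit rather than depending on two `-I` inserts landing in the right sequence, and adds an allowlist entry for a management address so the lockout concern raised in the thread does not apply to the admin's own host. The interface `eth0`, port 22, the 60-second/4-hit window and the chain name `SSH_LIMIT` are taken from or chosen for this example; the management address `203.0.113.10` is a constructed placeholder from the RFC 5737 documentation range, and `/proc/net/xt_recent/SSH` is the state file the kernel's xt_recent module exposes for a list named `SSH`.

```shell
#!/bin/sh
# Added example (not from the original post): SSH rate limiting with the
# iptables "recent" match, as a script with a dry-run mode.
# Assumptions: interface eth0, SSH on tcp/22, list name SSH, and a
# constructed management address (203.0.113.10, RFC 5737 range) that is
# exempted so a mistyped admin password cannot lock the admin out.

IFACE="${IFACE:-eth0}"
PORT="${PORT:-22}"
WINDOW="${WINDOW:-60}"               # seconds a source stays "recent"
HITS="${HITS:-4}"                    # the 4th new connection in the window is dropped
ADMIN_IP="${ADMIN_IP:-203.0.113.10}" # constructed allowlist address, change for real use
CHAIN="SSH_LIMIT"

# Emit the rules in the order they will be evaluated. Inside the chain:
#   1. the management address returns to INPUT untouched;
#   2. --update matches only when the source already has HITS entries
#      inside WINDOW seconds, and then refreshes its timestamp, so a
#      client that keeps retrying keeps itself blocked (the "clock reset"
#      behaviour described in the thread);
#   3. --set records the attempt for every source that got this far.
ssh_ratelimit_rules() {
    cat <<EOF
iptables -N $CHAIN
iptables -A $CHAIN -s $ADMIN_IP -j RETURN
iptables -A $CHAIN -m recent --name SSH --update --seconds $WINDOW --hitcount $HITS -j DROP
iptables -A $CHAIN -m recent --name SSH --set -j RETURN
iptables -I INPUT -p tcp --dport $PORT -i $IFACE -m conntrack --ctstate NEW -j $CHAIN
EOF
}

# Show which sources the kernel is currently tracking for the SSH list.
# An entry can be dropped by hand with: echo -ADDRESS > /proc/net/xt_recent/SSH
ssh_ratelimit_status() {
    if [ -r /proc/net/xt_recent/SSH ]; then
        cat /proc/net/xt_recent/SSH
    else
        echo "recent list SSH not present (rules not loaded or module missing)" >&2
        return 1
    fi
}

case "${1:-}" in
    --apply)  ssh_ratelimit_rules | sh ;;   # run as root to install the rules
    --status) ssh_ratelimit_status ;;
    *)        ssh_ratelimit_rules ;;        # default: dry run, print the commands
esac
```

Running the script with no arguments prints the five iptables commands for review; `--apply` pipes them to a shell, and `--status` shows the live tracking list so you can confirm which addresses are being counted before deciding whether the window and hit count fit your traffic.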




