[nmglug] Iptables script,

Mars DeLapp jmdelapp at delapp.com
Fri Sep 29 17:09:43 PDT 2006


Andres Paglayan wrote:
> I am looking for a cron script which parses var/log/auth,
> scans for repeated failed attempts and adds offending ips to iptables drop,

I would not do that. After you reach a certain number of failed attempts, you can get locked out of your own system.

A better approach may be to rate limit the connection attempts like this:

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

This will drop connection attempts after three failed attempts in one minute. Each future attempt from that same IP
address resets the clock for another 60 seconds. The good thing is that if _you_ screw up entering your password, you
just have to wait for the clock to reset.

See man iptables (look under "recent") for more info, and
http://snowman.net/projects/ipt_recent/
for some more examples.

I have looked at several firewall packages and come to the conclusion that the best way to do a firewall is to study 
iptables and understand it and write your own rules that fit your situation.

Mars

-- 
=============================================================
J. Marsden DeLapp, PE
President
DeLapp & Associates, Inc. dba DeLapp Engineering®
Providing lighting and power planning, design and analysis services
for commercial, industrial and large residential facilities.
1190 Harrison Rd Ste 3
Santa Fe NM 87507
(505) 983-5557
http://DeLapp.com
=============================================================
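Added example (not part of Mars's reply or the ipt_recent project): a small simulation of the bookkeeping behind the two rules above, so you can see which NEW connection gets dropped and how a quiet period clears the block. It assumes the semantics of the current kernel xt_recent match: --update counts the timestamps already recorded for the source inside the window, and an entry is refreshed when a --set rule is evaluated or when an --update rule matches. Because two "-I" commands leave the DROP rule above the --set rule, the script runs both rule orders; the host address and timings are constructed.

```python
from collections import defaultdict

SECONDS = 60      # --seconds 60
HITCOUNT = 4      # --hitcount 4
MAX_STAMPS = 20   # xt_recent keeps the last ip_pkt_list_tot stamps (default 20)


class RecentList:
    """One 'recent' list: source address -> arrival times of NEW connections."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def _record(self, ip, now):
        s = self.stamps[ip]
        s.append(now)
        del s[:-MAX_STAMPS]

    def set_rule(self, ip, now):
        # '-m recent --set' with no target: record the hit, keep evaluating.
        self._record(ip, now)
        return "CONTINUE"

    def update_drop_rule(self, ip, now):
        # '-m recent --update --seconds 60 --hitcount 4 -j DROP'
        hits = sum(1 for t in self.stamps.get(ip, ()) if now - t <= SECONDS)
        if hits >= HITCOUNT:
            self._record(ip, now)   # --update refreshes the entry when it matches
            return "DROP"
        return "CONTINUE"


def run_chain(order, attempts):
    """order: rule names evaluated top-down; attempts: [(time, ip), ...].
    Returns the verdict ('ACCEPT' or 'DROP') for every NEW connection."""
    lst = RecentList()
    rules = {"set": lst.set_rule, "update": lst.update_drop_rule}
    verdicts = []
    for now, ip in attempts:
        verdict = "ACCEPT"          # nothing else in this toy chain rejects SSH
        for name in order:
            if rules[name](ip, now) == "DROP":
                verdict = "DROP"
                break
        verdicts.append(verdict)
    return verdicts


# Constructed sample: one client opens six new connections ten seconds apart,
# then stays quiet for 90 seconds and tries once more.
ATTEMPTS = [(t, "192.0.2.10") for t in (0, 10, 20, 30, 40, 50)] + [(140, "192.0.2.10")]
APPEND_ORDER = ["set", "update"]   # what two 'iptables -A' commands produce
INSERT_ORDER = ["update", "set"]   # two 'iptables -I' commands: last inserted is checked first

if __name__ == "__main__":
    for label, order in (("-A order", APPEND_ORDER), ("-I order", INSERT_ORDER)):
        print(label, run_chain(order, ATTEMPTS))
```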