On 2010-03-09 21:07:42 -0800, Terry Barnum wrote:
On Fri, 05.03.2010 at 09:44:35 +0000, Ed W lists@wildgooses.com wrote:
I would be all in favour of a setting like this because it's easier to configure than fail2ban...
There's also denyhosts. http://denyhosts.sourceforge.net/
http://snowman.net/projects/ipt_recent/
for ssh i use: iptables -A input_ext -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force attack " iptables -A input_ext -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP iptables -A input_ext -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT
really nice iptables module
darix-- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org