On Thu, Dec 30, 2004 at 17:44:07 +0100, Dario Lesca <d.lesca@xxxxxxxxxx> wrote:
> On Thu, 2004-12-30 at 14:30, Steven Stern wrote:
> > On Thu, 30 Dec 2004 21:19:35 +0800, chi <chi@xxxxxxxxxxxxxxxxxx> wrote:
> > > I did three things.
> > ...
> > .. and via iptables?
>
> Is it possible to allow only 2 or 3 accesses every 5/10 minutes with
> the --limit-burst option?
>
> I do not know how to do this ... Does someone have an example?
> Is this idea a good solution ... or not?

It looks like you might be able to use pam_tally to do what you want, though you probably want to combine it with pam_rhosts to allow some special hosts to be able to log in to accounts whose fail tallies are over the limit. (The idea is to require one of pam_tally or pam_rhosts to succeed in addition to whatever your normal allowed authentication methods are.) Be careful about the setup if you are allowing root logins via ssh.

If pam_tally doesn't do quite what you want, you might be able to modify it to do what you want.

This approach seems better than rate limiting SYN packets.
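As an added illustration of the stacking described above (not from the original thread), here is a constructed /etc/pam.d/sshd fragment that lets pam_rhosts bypass the tally check for trusted hosts and otherwise requires pam_tally to pass before the normal password check. It assumes a Linux-PAM with the bracketed control syntax, a threshold of 5 failures, and the module file name pam_rhosts.so (older installs ship it as pam_rhosts_auth.so; the rhosts step is taken as the post proposes it, and sshd must be built with PAM support).

```text
# /etc/pam.d/sshd -- auth and account sections only (constructed example)

# 1. Trusted hosts: if pam_rhosts succeeds (host listed in /etc/hosts.equiv
#    or ~/.rhosts), skip the next line (the tally check) so those hosts can
#    still reach an account whose counter is over the limit. On failure,
#    "ignore" just falls through to the tally check.
auth     [success=1 default=ignore]   pam_rhosts.so

# 2. Failure counter: increment this user's tally and deny once it exceeds
#    5 (assumed threshold). onerr=fail denies if the counter file cannot be
#    read, so a missing /var/log/faillog fails closed rather than open.
#    By default root's account is not denied; enabling root logins over ssh
#    needs a deliberate decision about even_deny_root_account here.
auth     required                     pam_tally.so deny=5 onerr=fail

# 3. Whatever the normal authentication is (password here).
auth     required                     pam_unix.so

# On a successful login, pam_tally's account step resets the counter to 0.
account  required                     pam_tally.so
account  required                     pam_unix.so
```

A locked-out user's counter can be inspected or cleared by an administrator with the pam_tally command-line tool (for example `pam_tally --user NAME --reset`), which is the recovery path to test before relying on this setup.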