On Mon, 2005-05-09 at 10:56 -0500, David Hoffman wrote:
> On 5/9/05, David Cary Hart <Fedora@xxxxxxxxxxx> wrote:
> > I use the swatch daemon to move them to the firewall after one attempt.
> > I believe that there is a swatch rpm in extras.
>
> I hope you never mis-type your user name or password.
>
> What happens if you do? Swatch picks it up as a failed attempt, and
> then blocks you? Permanently? Do you have any rules for moving them
> back out of the firewall after some cooling-off period?
>

First of all, swatch can ignore IPs such as the LAN and known hosts.
Thus, the problem of self-inflicted exile is eliminated.

Yes, I do remove SSH and SASL authentication rules from the firewall
after 48 hours (script). I have noticed that, once tarpitted, they NEVER
come back.

BTW, I use swatch to execute scripts that further evaluate the
variables. Swatch updates our DNSBL in real time. Works like a champ.

--
Multi-RBL Check: http://www.TQMcube.com/rblcheck.htm
Kill Spam at the Source: http://www.TQMcube.com/spam_trap.htm
Today's Spam Trap Adds: http://www.TQMcube.com/BlockedToday
RBLDNSD HowTo: http://www.TQMcube.com/rbldnsd.htm
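
Added example, not part of the original message and not the poster's swatch configuration or script: a Python sketch of the policy the reply describes, blocking a source after one failed SSH login, ignoring allowlisted hosts, and dropping the rule after 48 hours. The allowlist networks, the sshd log format, the `year` argument (syslog timestamps carry no year) and the iptables rule shape are assumptions; the log lines are constructed.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumed values: allowlist networks, log format and rule shape are illustrative.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "198.51.100.10/32")]
BLOCK_TTL = timedelta(hours=48)  # the 48-hour removal mentioned in the message
# Anchored at line end so the address comes from the trailing field sshd writes.
FAILED = re.compile(r"^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for .+ from (\S+) port \d+ ssh2$")

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
May  9 10:56:01 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 4242 ssh2
May  9 10:57:13 gw sshd[2105]: Failed password for alice from 192.168.1.20 port 50022 ssh2
May  9 11:02:44 gw sshd[2110]: Failed password for root from 203.0.113.7 port 4310 ssh2
May  9 11:05:00 gw sshd[2112]: Accepted password for alice from 192.168.1.20 port 50030 ssh2
May 10 09:00:00 gw sshd[2300]: Failed password for root from not-an-ip port 1 ssh2
May 10 09:30:00 gw sshd[2301]: Failed password for root from 203.0.113.99 port 2200 ssh2
"""

def scan(log_text, year):
    """Map each non-allowlisted source to the time of its first failed login."""
    blocked = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        mon, day, clock, src = m.groups()
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # never hand unvalidated log text to a firewall command
        if any(ip in net for net in ALLOWLIST):
            continue  # LAN and known hosts are ignored, so no self-inflicted exile
        when = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        blocked.setdefault(str(ip), when)  # one attempt is enough; keep the first
    return blocked

def rule(action, ip):
    """Build (not run) an iptables command: action is -I to add, -D to delete."""
    return ["iptables", action, "INPUT", "-s", ip, "-j", "DROP"]

def expire(blocked, now):
    """Return (still_active, delete_commands) after applying the 48-hour TTL."""
    active = {ip: t for ip, t in blocked.items() if now - t < BLOCK_TTL}
    deletes = [rule("-D", ip) for ip in blocked if ip not in active]
    return active, deletes
```

The functions only return data and command lists; nothing is executed against a live firewall.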