Hey all,
I have the following lines in my iptables config file to curb ssh
knocking on our servers:
# Let's see if we can curb SSH attacks.
-A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
-A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --rcheck --seconds 120 --hitcount 2 -j LOG --log-prefix "SSH REJECT: "
-A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --rcheck --seconds 120 --hitcount 2 -j REJECT --reject-with tcp-reset
This works great... EXCEPT it also blocks our own access to the
servers if we need to get on them in a short amount of time (less than
120 seconds). So how can I still implement the above blocking, but
allow anything from our different subnets (we have 4) to come through
without going through that block routine?
--
W | It's not a bug - it's an undocumented feature.
+--------------------------------------------------------------------
Ashley M. Kirchner <mailto:ashley@xxxxxxxxxx> . 303.442.6410 x130
IT Director / SysAdmin / Websmith . 800.441.3873 x130
Photo Craft Imaging . 3550 Arapahoe Ave. #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
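One way to exempt the trusted subnets, as an added example that is not part of the original post or the poster's config: move the throttle into a user-defined chain that only SSH SYNs are sent to, and put a RETURN for each trusted subnet in front of the `--set` rule. Those sources then never enter the `recent` list at all (an ACCEPT placed after `--set` would still count them, and a later burst from the same office would get logged). The subnets in the script are RFC 5737 documentation ranges standing in for the four real ones; the chain name `sshguard` and the `ssh_rules` helper are my own choices.

```shell
#!/bin/sh
# Added example, not the original poster's config.
#
# Emit an iptables-restore fragment that throttles SSH SYNs with the
# 'recent' match from the original post, but exempts the trusted subnets
# passed as arguments. Trusted sources RETURN to INPUT, where the rest of
# the existing rule set handles them exactly as before; everyone else
# goes through the set / rcheck / LOG / REJECT sequence.
#
# Usage: ssh_rules CIDR [CIDR...]
ssh_rules() {
    [ "$#" -gt 0 ] || { echo "ssh_rules: need at least one subnet" >&2; return 1; }
    printf '%s\n' '*filter'
    printf '%s\n' ':sshguard - [0:0]'
    # This jump must sit where the original three -A INPUT lines were,
    # i.e. before whatever rule finally accepts port 22.
    printf '%s\n' '-A INPUT -p tcp --syn --dport 22 -j sshguard'
    for net in "$@"; do
        # Insist on CIDR notation so a typo like a bare host address is
        # not silently turned into a /32 by iptables.
        case "$net" in
            */*) ;;
            *) echo "ssh_rules: '$net' is not in CIDR form" >&2; return 1 ;;
        esac
        # Trusted subnet: leave the chain before the 'recent' list is touched.
        printf '%s\n' "-A sshguard -s $net -j RETURN"
    done
    # The original throttle, unchanged apart from living in the new chain:
    # first SYN is recorded, a second SYN within 120 s is logged and reset.
    printf '%s\n' '-A sshguard -m recent --name sshattack --set'
    printf '%s\n' '-A sshguard -m recent --name sshattack --rcheck --seconds 120 --hitcount 2 -j LOG --log-prefix "SSH REJECT: "'
    printf '%s\n' '-A sshguard -m recent --name sshattack --rcheck --seconds 120 --hitcount 2 -j REJECT --reject-with tcp-reset'
    # Anything not rejected falls off the end of the chain and returns
    # to INPUT, where the existing rules decide whether to accept it.
    printf '%s\n' 'COMMIT'
}

# Placeholder subnets (RFC 5737 documentation ranges plus one private
# block, all assumptions); replace with the four real office networks.
TRUSTED="192.0.2.0/24 198.51.100.0/24 203.0.113.0/24 10.10.0.0/16"

# Print the fragment for review; paste it into the config file or pipe
# it into 'iptables-restore --noflush' to load it beside existing rules.
ssh_rules $TRUSTED
```

When pasting into the existing config file, keep the `-A INPUT ... -j sshguard` line in the position the original three `-A INPUT` lines occupied; loading the fragment live with `iptables-restore --noflush` appends the jump to the end of INPUT, which is too late if an earlier rule already accepts port 22. The `--set` rule stays after the RETURNs on purpose: a trusted workstation that reconnects twice in two minutes is then neither logged nor added to the list, so the "SSH REJECT" log stays a clean record of untrusted sources only.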