On Tue, 2007-09-18 at 11:53 -0600, Ashley M. Kirchner wrote: > Hey all, > > I have the following lines in my iptables config file to curb ssh > knocking on our servers: > > # Let's see if we can curb SSH attacks. > -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set > > -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --rcheck > --seconds 120 --hitcount 2 -j LOG -log-prefix "SSH REJECT: " > > -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --rcheck > --seconds 120 --hitcount 2 -j REJECT --reject-with tcp-reset > > > This works great...EXCEPT it also blocks our own access to the > servers if we need to get on them in a short amount of time (less than > 120 seconds). So how can I still implement the above blocking, but > allow anything from our different subnets (we have 4) come through > without going through that block routine? ---- not responsive to your question but highly recommended... denyhosts package (yum install denyhosts) -- Craig White <craig@xxxxxxxxxxxxx>
