Hi Benny,
>> sudo iptables -I INPUT -p tcp --dport 23 -i eth0 -m state --state NEW
>> -m recent --set
> imho invalid
That's the first step. That step must be followed by #2 below. How do you
think Shorewall works? It sets the same type of commands as these two with Python
scripts <g>
>> sudo iptables -I INPUT -p tcp --dport 23 -i eth0 -m state --state NEW
>> -m recent --update --seconds 30 --hitcount 2 -j DROP
>> All of a sudden idiots cannot connect here after 30 seconds <g>
> indeed, just remember I said I would like to help you with Shorewall?
Not needed, and not wanted here. I can control it all by setting the dport,
and seconds after their initial connect.
Most people don't understand Iptables. It's not hard to work with when you
understand it.
Here is what I'm using now, works great:
Step 1:
sudo iptables -I INPUT -p tcp --dport 23 -i eth0 -m state --state NEW -m recent --set
Step 2:
sudo iptables -I INPUT -p tcp --dport 23 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
I use the same commands for port 8080 btw.
These commands will flush your iptables firewall, and remove all currently
active rules when you want to change the settings.
iptables -F
iptables -X
Take care,
Janis
--- BBBS/Li6 v4.10 Dada-2
* Origin: Prism bbs (1:261/38)
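
As an added example (not part of Janis's message): a simplified Python model of how the two `recent` rules above treat repeated NEW connections from one source. Because both rules are added with `-I`, the `--update ... -j DROP` rule ends up above the `--set` rule; the source address, history size and timeline are constructed for illustration.

```python
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # assumption: per-address timestamp history kept by this model


class RecentList:
    """Simplified model of one `recent` list (timestamps per source address)."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, src, now):
        # --set: record the address and a timestamp; the match always succeeds.
        self.stamps[src].append(now)
        return True

    def update(self, src, now, seconds, hitcount):
        # --update --seconds S --hitcount H: match when at least H stamps fall
        # inside the last S seconds, and on a match record this packet too.
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= seconds)
        if hits >= hitcount:
            self.stamps[src].append(now)
            return True
        return False


def verdicts(times, seconds=60, hitcount=4, src="192.0.2.10"):
    """Return ACCEPT/DROP for NEW connections from one source at `times`.

    Rule order follows the message: both rules are added with -I, so the
    --update/DROP rule (inserted second) sits above the --set rule.
    """
    lst, out = RecentList(), []
    for now in times:
        if lst.update(src, now, seconds, hitcount):  # rule 1: --update ... -j DROP
            out.append("DROP")
            continue
        lst.set(src, now)                            # rule 2: --set (no target)
        out.append("ACCEPT")  # assumes nothing later in the chain drops it
    return out


if __name__ == "__main__":
    # Constructed timeline: a burst, retries while blocked, then a long pause.
    timeline = [0, 5, 10, 15, 20, 34, 48, 62, 76, 200]
    for t, v in zip(timeline, verdicts(timeline)):
        print(f"t={t:>3}s  {v}")
```

With 60 seconds and hitcount 4, the fifth new connection inside the window is the first one dropped, and a client that keeps retrying stays blocked because each dropped attempt is recorded too.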