
Re: [opensuse-security] SuSefirewall - protect sshd



Ron Joffe wrote:
> On Monday 10 March 2008 11:37, Otto Rodusek (AP-SGP) wrote:
>   
>> Hi,
>>
>> I'm a bit confused with Susefirewall. I have had a number of robot
>> attacks against sshd so I set the following rule in SuSefirewall to
>> limit the number of allowable sshd logins per 60 second period:
>>
>>     
>
> Otto,
>
> I recommend looking at denyhosts for this function.
>
> Ron
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
> For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx
>   
Hi Ron,

Thanks for the reply. I'm very familiar with both denyhosts and fail2ban
and indeed use a variant of it. I am more interested in knowing why
iptables doesn't behave the way it's supposed to though. From the
Susefirewall script docs if you set as per below it is supposed to limit
the number of sshd logins to only 3 per 60 seconds interval but from the
log this obviously isn't so and I'm curious to know what needs to be
done in order for iptables to behave as advertised. Again, thanks for
the advice and help. Rgds. Otto.

BTW: my os is OpenSuse 10.3 x86_64 (don't think this should make a diff
tho)!!

## Type: string
## Default: 0/0,tcp,113
#
# Services to allow. This is a more generic form of FW_SERVICES_{IP,UDP,TCP}
# and more specific than FW_TRUSTED_NETS
#
# Format: space separated list of net,protocol[,dport][,sport]
# Example: "0/0,tcp,22"
#
# Supported flags are
#   hitcount=NUMBER     : ipt_recent --hitcount parameter
#   blockseconds=NUMBER : ipt_recent --seconds parameter
#   recentname=NAME     : ipt_recent --name parameter
# Example:
#    Allow max three ssh connects per minute from the same IP address:
#      "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
#
# The special value _rpc_ is recognized as protocol and means that dport is
# interpreted as rpc service name. See FW_SERVICES_EXT_RPC for
# details.
#
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
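
The rule comment above limits ssh connects per source IP, while an auth log records failed logins, and a single ssh connection can carry several password attempts. The following is an added example, not part of the original message or of SuSEfirewall2: it reads sshd log lines and reports both figures per IP against hitcount=3 within 60 seconds. The log lines are constructed, and treating each distinct source port as one connection is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

HITCOUNT, SECONDS = 3, 60  # hitcount=3, blockseconds=60 as in the posted rule
# Constructed sample in OpenSSH syslog format; host, PIDs and addresses are made up.
SAMPLE_LOG = """\
Mar 10 11:20:01 gw sshd[4101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Mar 10 11:20:03 gw sshd[4101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Mar 10 11:20:20 gw sshd[4102]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Mar 10 11:20:22 gw sshd[4102]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Mar 10 11:21:00 gw sshd[4110]: Failed password for root from 198.51.100.7 port 50001 ssh2
Mar 10 11:21:10 gw sshd[4111]: Failed password for root from 198.51.100.7 port 50002 ssh2
Mar 10 11:21:20 gw sshd[4112]: Failed password for root from 198.51.100.7 port 50003 ssh2
Mar 10 11:21:30 gw sshd[4113]: Failed password for root from 198.51.100.7 port 50004 ssh2
"""
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
                  r"(?:invalid user )?\S+ from (\S+) port (\d+)")

def parse(log, year=2008):
    """Yield (time, ip, source_port) per failed-password line; syslog omits the year."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), int(m.group(3))

def peak(times, window=SECONDS):
    """Largest number of events inside any sliding window of `window` seconds."""
    times, best, lo = sorted(times), 0, 0
    for hi, t in enumerate(times):
        while (t - times[lo]).total_seconds() >= window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def summarize(log):
    """Per source IP: peak failed logins and peak new connections per window."""
    attempts, conns = defaultdict(list), defaultdict(dict)
    for ts, ip, port in parse(log):
        attempts[ip].append(ts)
        conns[ip].setdefault(port, ts)  # assumption: one source port = one connection
    out = {}
    for ip in attempts:
        c = peak(conns[ip].values())
        out[ip] = {"attempts": peak(attempts[ip]), "connections": c, "over_limit": c > HITCOUNT}
    return out

print(summarize(SAMPLE_LOG))
```

Only an `over_limit` of True means more connections got through than the rule allows; a high `attempts` figure with few connections is consistent with the limit being enforced.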