[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opensuse-security] SuSefirewall - protect sshd



Marcus Rueckert wrote:
> On 2008-03-10 10:53:08 -0500, Ron Joffe wrote:
>   
>> I recommend looking at denyhosts for this function.
>>     
>
> why having a script that parses a log file, which is written buffered,
> to do a job that iptables can do already.
>
> furthermore there is an even more trivial way to achieve the same:
> put your sshd on a port != 22.
>
>     darix
>   
Hi Marcus,

Thanks for the reply. I fully agree that iptables should do the job by
itself and indeed I have tried to change the ssh port to something other
than 22 - but robot crawlers are able to quickly determine this and then
you get attacks on the other port. At this point,  I am more interested
in knowing why
iptables doesn't behave the way it's supposed to though. From the
Susefirewall script docs if you set as per below it is supposed to limit
the number of sshd logins to only 3 per 60 seconds interval but from the
log this obviously isn't so and I'm curious to know what needs to be
done in order for iptables to behave as advertised. Again, thanks for
the advice and help. Rgds. Otto.

BTW: my os is OpenSuse 10.3 x86_64 (don't think this should make a diff
tho)!!

## Type: string
## Default: 0/0,tcp,113
#
# Services to allow. This is a more generic form of FW_SERVICES_{IP,UDP,TCP}
# and more specific than FW_TRUSTED_NETS
#
# Format: space separated list of net,protocol[,dport][,sport]
# Example: "0/0,tcp,22"
#
# Supported flags are
#   hitcount=NUMBER     : ipt_recent --hitcount parameter
#   blockseconds=NUMBER : ipt_recent --seconds parameter
#   recentname=NAME     : ipt_recent --name parameter
# Example:
#    Allow max three ssh connects per minute from the same IP address:
#      "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
#
# The special value _rpc_ is recognized as protocol and means that dport is
# interpreted as rpc service name. See FW_SERVICES_EXT_RPC for
# details.
#
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"


---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx