Pardon my ignorance -- isn't --syn implied by -m state --state NEW?
If so, then we already have it in action iptables-new.conf.
On Mon, 20 Aug 2007, Pierre Chifflier wrote:
> Package: fail2ban
> Version: 0.8.1-1
> Severity: wishlist
> Tags: patch
> --- Please enter the report below this line. ---
> fail2ban generates rules for iptables matching only the port, for ex:
> -A INPUT -p tcp -m multiport --dports 22,115 -j fail2ban-ssh
> This is bad, and can result in a nice DoS for NATed users if two users
> share the same IP, and one fails 3 times to login, then all connections
> (including already established) are banned.
> Proposed solution: filter only SYN packets, so that established
> connections are not affected, only new (patch attached for
> iptables-multiport, same solution could be applied to other actions as
> well).
> Regards,
> Pierre
> --- System information. ---
> Architecture: amd64
> Kernel: Linux 2.6.21-2-amd64
> Debian Release: lenny/sid
> 500 unstable ftp2.fr.debian.org
> --- Package information. ---
> Depends (Version) | Installed
> =============================-+-===========
> python-central (>= 0.5.8) | 0.5.14
> python (>= 2.4) | 2.4.4-6
> iptables | 1.3.8.0debian1-1
> lsb-base (>= 2.0-7) | 3.1-24
--
Yaroslav Halchenko
Research Assistant, Psychology Department, Rutgers-Newark
Student Ph.D. @ CS Dept. NJIT
Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171
101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
WWW: http://www.linkedin.com/in/yarik
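The jump rule quoted in the report is what decides which packets ever reach the fail2ban-ssh chain: because it matches on port alone, a DROP for a banned source also kills that address's established sessions, which is the NAT problem Pierre describes. The script below is an added example, not fail2ban's code or the attached patch. It audits iptables-save text for jumps into fail2ban-* chains that carry neither --syn nor a NEW state match, and shows the corrected form of each. The ruleset it scans is constructed here for illustration, and the chain-name prefix fail2ban- is assumed from the rule in the report. One caveat on the question raised in the reply: -m state --state NEW is not quite the same as --syn. With the default tcp_loose conntrack setting, a non-SYN packet of a flow the tracker has never seen is also classified NEW, so --syn is the stricter of the two for this purpose; the audit below accepts either.

```shell
#!/bin/sh
# Added example (not fail2ban's own code): find fail2ban jump rules that
# match on port only, so that banning one NATed client drops the established
# sessions of everyone behind the same address, and show the --syn fix.

# Constructed sample iptables-save output; not captured from a real host.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:fail2ban-ssh - [0:0]
:fail2ban-ftp - [0:0]
:fail2ban-smtp - [0:0]
-A INPUT -p tcp -m multiport --dports 22,115 -j fail2ban-ssh
-A INPUT -p tcp --dport 21 --syn -j fail2ban-ftp
-A INPUT -p tcp --dport 25 -m state --state NEW -j fail2ban-smtp
-A fail2ban-ssh -s 192.0.2.10 -j DROP
-A fail2ban-ssh -j RETURN
COMMIT'

# Print every rule that jumps into a fail2ban-* chain without restricting
# itself to connection-initiating packets (one offending rule per line).
# Chain prefix "fail2ban-" is assumed from the naming in the report.
find_port_only_jumps() {
    printf '%s\n' "$1" |
    grep -- '-j fail2ban-' |
    grep -v -e '--syn' -e '--tcp-flags' -e '--state NEW' -e '--ctstate NEW'
}

# Number of offending rules in a ruleset.
count_port_only_jumps() {
    find_port_only_jumps "$1" | grep -c .
}

# Rewrite jump rules so that only SYN packets are diverted into the ban
# chain. Lines that already carry --syn or a NEW state match are left alone,
# so the function is safe to run over a whole ruleset.
add_syn_match() {
    printf '%s\n' "$1" |
    sed -e '/--syn/b' -e '/--state NEW/b' -e '/--ctstate NEW/b' \
        -e 's/ -j fail2ban-/ --syn -j fail2ban-/'
}

# Usage: report each port-only jump and the corrected rule beside it.
find_port_only_jumps "$SAMPLE_RULES" | while IFS= read -r rule; do
    printf 'port-only jump: %s\n' "$rule"
    printf 'suggested:      %s\n' "$(add_syn_match "$rule")"
done
```

On a live host, feed the output of iptables-save to find_port_only_jumps instead of the sample. The check is textual: it flags a rule as safe as soon as it sees --syn, --tcp-flags or a NEW state match anywhere on the line, so a rule that spells the restriction differently will still be reported and should be read by hand.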