I knew it wouldn't trigger on the first attempt, but I had a sneaking suspicion that you'd need something to listen on that port. Is there a way to achieve what we seek, in that case, without userland tools?

On Thu, Jan 10, 2019 at 9:18 PM Stuart Henderson <s...@spacehopper.org> wrote:
>
> On 2019-01-09, Aaron Mason <simplersolut...@gmail.com> wrote:
> > Hi Jordan
> >
> > I've set it up to try it, but I'm not having much luck. Even when I
> > trigger more than one, it still doesn't populate the bad_hosts table,
> > even again when I extend the rate period to 86400 seconds. I've added
> > logging so I know the rule is triggering. See below.
>
> max-src-conn-rate is only triggered when a TCP connection is
> established, you need to have something listening (and it will only
> trigger on the *second* connection).
>
>

--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse