I want to counter SSH brute force attacks on the various servers with SSH access from the 'net' zone. I have a firewall on a PC using Shorewall 4.0.6. (shorewall-common + perl) between 'net' and the zones 'loc' (most user PCs) and 'serv' (my central servers).
- I hope I can protect all 'loc' and 'serv' systems through changes in the Shorewall rules? (I mean, not just protecting the firewall itself.) I understand limiting the per-IP connection rate can be done via the 'Limit' action (http://shorewall.net/Actions.html). Some of the rules in my /etc/shorewall/rules are:

    ACCEPT  loc   $FW       tcp  22
    ACCEPT  serv  $FW       tcp  22
    ACCEPT  net   serv      tcp  22
    ACCEPT  net   $SSH_LOC  tcp  22

  (SSH_LOC is a parameter defined in my /etc/shorewall/params file, listing all the IP addresses of machines behind my firewall which have sshd running and want their machine to be accessible via SSH.)

- Is it sufficient to just add (e.g. for the 3rd line)

    Limit:info:SSHA,3,60  net  serv  tcp  22

  and similar lines for the other cases (with no need to create separate specification files in e.g. /etc/shorewall), and restart Shorewall?

- I do not understand well what the 'set name' means (the SSHA) ...

- Neither in my /etc/shorewall nor in my /etc/share/shorewall directory do I find an action.Limit or Limit file. Is this normal?

- In the log I hope there will only be entries when more than 3 SSH connections occur from the same IP in a 60 second timeframe, and not for every SSH connection; is that right?

- In case the seeker of access is a normal person who just does not remember his password very well, will he get some warning that he will have to wait for about a minute after 3 tries?

Thx,

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
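To make the Limit rule in the post concrete, the following is an added illustration (not the poster's configuration and not Shorewall's own compiler code): a small POSIX sh function that takes one Limit rule line and prints the iptables "recent" match rules it corresponds to. Assumptions are marked in the comments: the "<src>2<dst>" chain name, the use of hitcount = count + 1 (so that 3 connections in 60 seconds pass and the 4th is logged and dropped), and the exact log prefix are my choices for the illustration; Shorewall's generated rules may differ in detail. What the example does show is that the 'set name' (SSHA) is just the name of the kernel's recent-address list that tracks source IPs, and that only connections over the threshold ever reach the LOG rule, so normal logins are not logged. Nothing is applied to the kernel; the function only prints text.

```shell
#!/bin/sh
# Added illustration, not Shorewall's own code: expand one Shorewall
# "Limit" rule line into the iptables(8) "recent" match rules it
# corresponds to.  Output is text only; nothing is applied to the kernel.
#
# Syntax assumed (see http://shorewall.net/Actions.html):
#   Limit:<log level>:<set name>,<count>,<seconds>  SOURCE DEST PROTO DPORT
# <set name> is the name of the iptables "recent" address list that
# remembers source addresses (visible as /proc/net/xt_recent/<set name>).

# Usage: expand_limit_rule 'Limit:info:SSHA,3,60' net serv tcp 22
expand_limit_rule() {
    spec=$1 src=$2 dst=$3 proto=$4 port=$5

    # Split "Limit:LEVEL:NAME,COUNT,SECONDS" into its parts.
    level=$(printf '%s' "$spec" | cut -d: -f2)
    params=$(printf '%s' "$spec" | cut -d: -f3)
    set_name=$(printf '%s' "$params" | cut -d, -f1)
    count=$(printf '%s' "$params" | cut -d, -f2)
    seconds=$(printf '%s' "$params" | cut -d, -f3)

    # Assumption: zone-to-zone chain is named "<src>2<dst>"; the $FW case
    # is named differently by Shorewall and is not handled here.
    chain="${src}2${dst}"
    # Only new connections are counted; established ones are untouched.
    match="-p $proto --dport $port -m conntrack --ctstate NEW"
    # Assumption: hitcount is count+1, so <count> connections within
    # <seconds> pass and the next one is logged and dropped.
    hits=$((count + 1))

    # 1. Source already seen <count> times in the window: log it
    #    (only over-limit connections reach this rule).
    if [ -n "$level" ]; then
        printf 'iptables -A %s %s -m recent --name %s --update --seconds %s --hitcount %s -j LOG --log-level %s --log-prefix "Shorewall:%s:DROP:"\n' \
            "$chain" "$match" "$set_name" "$seconds" "$hits" "$level" "$chain"
    fi
    # 2. ... and drop it.
    printf 'iptables -A %s %s -m recent --name %s --update --seconds %s --hitcount %s -j DROP\n' \
        "$chain" "$match" "$set_name" "$seconds" "$hits"
    # 3. Otherwise record this source address in the list and accept.
    printf 'iptables -A %s %s -m recent --name %s --set -j ACCEPT\n' \
        "$chain" "$match" "$set_name"
}

expand_limit_rule 'Limit:info:SSHA,3,60' net serv tcp 22
```

The order matters: the --update rules only match once the address has been seen hitcount times in the window, so a source below the limit falls through to the --set rule, which records the attempt and accepts it. An over-limit source is dropped silently (a client sees only a connection timeout, no warning), and because the entry is refreshed by --update, it stays blocked until it has been quiet for the full window.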
