Thanks for the hint.
But now I see my machine is SSH Brute force attacked (someone is trying to
login with all possible first names from the alphabet) but by continously
changing IP source address, so
Limit:... does not help I guess, since this limits the number of SSH
requests for a same IP address...
In the last 3 months some 13.000 tries ( "Invalid user" in my
/var/mail/root) have been done coming from 1.750 different IP adresses :-((
Any ideas how to counter this?
2009/11/8 Tom Eastep <[email protected]>
> n dhert wrote:
> > I have a line in my shorewall rules file
> > Limit:info:SSHBFAttack,3,60 net $MACHINE tcp 22
> > to counter SSH attacks to the machine $MACHINE (max 3 SSH requests per
> > minute from same machine, then one needs to wait a minute for next SSH
> > request)
> >
> > Now I want to make 1 exception to this limitation for one particular
> > machine on the 'net' zone, say 217.218.219.220
> > I tried
> > Limit:info:SSHBFAttack,3,60 net:!217.218.219.220 tcp 22
> > but the result is that 217.218.219.220 is excluded totally from SSH,
> > definitely not what I want :-)
> >
> > What line(s) must be used to achieve that?
>
> Rather than exclude 217.218.219.220 from the Limit rule, the simplest
> thing to do is add this rule BEFORE the Limit rule:
>
> ACCEPT net:217.218.219.220 $MACHINE tcp 22
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus
> on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now. http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
