tyju tiui wrote:
> Hi,
> 
> Is there any way to add extra system protection rules?
> For example, I'd like to add the following configurable rule to help
> protect against ssh dictionary attacks:
> 
> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

You can add custom rules like this to Vuurmuur in two ways. You can
create a custom chain and use a 'Chain' rule in Vuurmuur to send the
traffic to this chain.

'chain service ssh from any to firewall options chain="RECENTSSH"'

Then add your custom rules to that chain:
iptables -A RECENTSSH -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -A RECENTSSH -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

Below that have the normal accept rule for ssh.

The other option is to add these rules to the PRE-VRMR-INPUT chain.

With both solutions the custom rules are not touched by Vuurmuur on
reloads and applying changes, but after a reboot they need to be added
again.

One other thing though. If my understanding of your rules is correct,
they are not very safe because they can easily be DoS'd. Repeated
login/connect attempts by others result in you no longer being able to
log in. I'd suggest looking at something like denyhosts for this purpose.

Cheers,
Victor

> Thanks,
> 
> Ty
> _______________________________________________
> Vuurmuur-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/vuurmuur-users
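
Since the reply notes that the custom rules have to be added again after a reboot, here is a boot-time script that rebuilds the RECENTSSH chain with the same two rules. It is an added example, not part of the original message or of Vuurmuur; the IPTABLES, IFACE, WINDOW and HITCOUNT variables and the create-or-flush step are assumptions of this example.

```shell
#!/bin/sh
# Added example: re-create the RECENTSSH chain from the reply above at boot.
# IPTABLES, IFACE, WINDOW and HITCOUNT are this example's own knobs (assumptions).
IPTABLES="${IPTABLES:-iptables}"
CHAIN="RECENTSSH"
IFACE="${IFACE:-eth0}"
WINDOW="${WINDOW:-60}"
HITCOUNT="${HITCOUNT:-4}"

# Print the rule arguments, one rule per line, without touching the firewall.
recentssh_rules() {
    match="-p tcp --dport 22 -i $IFACE -m state --state NEW -m recent"
    printf '%s\n' "-A $CHAIN $match --set"
    printf '%s\n' "-A $CHAIN $match --update --seconds $WINDOW --hitcount $HITCOUNT -j DROP"
}

# Create the chain if it is missing, otherwise flush it, then load the rules.
# Safe to run repeatedly: the chain never accumulates duplicate rules.
apply_recentssh() {
    $IPTABLES -N "$CHAIN" 2>/dev/null || $IPTABLES -F "$CHAIN" || return 1
    recentssh_rules | while read -r rule; do
        # Word splitting of $rule is intended: each line is one argument list.
        $IPTABLES $rule || exit 1
    done
}

# Only change the firewall when asked to, e.g. "recentssh.sh apply" from a boot script.
if [ "${1:-}" = "apply" ]; then
    apply_recentssh
fi
```

Run it as root with the `apply` argument; without an argument it only defines the functions, so `recentssh_rules` can be used to review the rules first.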