Michael Drons wrote:
> I'm trying to add these additional commands to the IPTABLES:
>
> iptables -N SSHSCAN
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN
> iptables -A SSHSCAN -m recent --set --name NEWACCEPT
> iptables -A SSHSCAN -m recent --update --seconds 30 --hitcount 3 --name NEWACCEPT -j LOG --log-level debug --log-prefix "SSH SCAN blocked:"
> iptables -A SSHSCAN -m recent --update --seconds 30 --hitcount 3 --name NEWACCEPT -j DROP
>
> It does not appear that I can add these commands via the vuurmuur GUI, so I wrote a script to add them manually after vuurmuur loads. They appear in the iptables -L listing, but they don't seem to work.
>
> Anyone have any suggestions on how to get this to work?
Hi Mike,

It looks like this SSHSCAN chain is used to block hosts that connect too often within 30 seconds. If I read it correctly, hosts that are not blocked reach the end of the chain and then get back to INPUT. Did you add an accept rule there for ssh? If not, the default policy is used, which is DROP...

I can't comment on the usage of 'recent' as I've never used it.

Hope this helps.

Regards,
Victor

_______________________________________________
Vuurmuur-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/vuurmuur-users
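The rule set from the thread with the ACCEPT rule Victor describes added to INPUT, as an added example that is not part of either mail. It assumes an INPUT chain with a DROP default policy; `IPT` defaults to a dry run that only prints the commands, so it can be reviewed before being applied as root with `IPT=iptables`.

```bash
#!/bin/sh
# Added example: the SSHSCAN chain from the question plus the missing ACCEPT.
# A host that has fewer than 3 NEW ssh connections in the last 30 s falls
# off the end of SSHSCAN and returns to INPUT; with a DROP policy on INPUT
# it is dropped unless a later rule accepts it. The final rule fixes that.
# IPT="echo iptables" prints the commands instead of running them (dry run).
IPT="${IPT:-echo iptables}"

# Emit the rules in order, one iptables argument list per line.
# The only change from the original set is the last line (the ACCEPT).
sshscan_rules() {
    cat <<'EOF'
-N SSHSCAN
-A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN
-A SSHSCAN -m recent --set --name NEWACCEPT
-A SSHSCAN -m recent --update --seconds 30 --hitcount 3 --name NEWACCEPT -j LOG --log-level debug --log-prefix "SSH SCAN blocked:"
-A SSHSCAN -m recent --update --seconds 30 --hitcount 3 --name NEWACCEPT -j DROP
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
EOF
}

# Sanity check before applying: the ACCEPT for port 22 must sit in INPUT
# *after* the jump to SSHSCAN, otherwise every NEW connection is accepted
# before the rate check ever runs. Exit status 0 means the order is right.
accept_after_sshscan() {
    sshscan_rules | awk '
        /-A INPUT .*-j SSHSCAN/ { jump = NR }
        /-A INPUT .*-j ACCEPT/  { acc  = NR }
        END { exit !(jump && acc && jump < acc) }'
}

# Number of ACCEPT rules in the set (expect exactly one).
count_accept_rules() {
    sshscan_rules | grep -c -- '-j ACCEPT'
}

# Apply (or print) the rules line by line; eval keeps the quoted log prefix.
apply_rules() {
    accept_after_sshscan || { echo "rule order wrong, refusing to apply" >&2; return 1; }
    sshscan_rules | while IFS= read -r rule; do
        eval "$IPT $rule"
    done
}

[ "${1:-}" = "apply" ] && apply_rules
```

Run `sh sshscan.sh apply` to see the commands, or `IPT=iptables sh sshscan.sh apply` as root to load them; since vuurmuur rewrites its rules on reload, the script has to run again afterwards, as in the original post.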
