On Fri, Jun 05, 2009 at 22:29:32 -0600, "Ashley M. Kirchner" <ashley@xxxxxxxxxx> wrote:
>
> I currently have one system I'm testing the following rules on:
>
> iptables -N SSHSCAN
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN
> iptables -A SSHSCAN -m recent --set --name SSH
> iptables -A SSHSCAN -m recent --update --seconds 300 --hitcount 2 --name SSH -j DROP
>
>
> And just by watching it for the past few days, those rules seem to
> work pretty well. So, it made me wonder, can I apply the same rules for
> FTP and e-mail (with the correct port information of course.)

I don't think it will work well for email. (I think list servers and other servers that send you a lot of email will tend to get blocked.) Besides, if your purpose is to stop password guessing attacks, there isn't much point in blocking email that way. If you want to try to use it to help mitigate spam, you'd probably be better off using grey listing to do this kind of thing.

> I get *a lot* of failed FTP attempts. Especially when the sun comes
> up in Asia. And then there's the e-mail spam that also doesn't stop.
> So, can I take those same set of rules above, replace the port number
> and name, and have them work for FTP and e-mail as well?

Do you run an authenticated ftp server? If you just use ssh based file transfers and/or anonymous ftp, then there probably isn't much point to doing this.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
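A parameterised form of the rule set quoted above, added here as an example and not taken from the thread: it generates the same recent-module throttle for any TCP port (the poster's "replace the port number and name" question), adds a trusted-source exemption so an admin cannot lock themselves out, and spells out what `--hitcount 2` actually drops. The FTPSCAN/FTP names, the 192.0.2.0/24 network and the `show_recent_list` helper are assumptions, not values from the post.

```shell
# gen_recent_rules PORT CHAIN LIST [SECONDS] [HITCOUNT] [TRUSTED_CIDR]
# Prints (does not apply) the iptables commands for one throttled service.
gen_recent_rules() {
    port=$1; chain=$2; list=$3
    seconds=${4:-300}; hitcount=${5:-2}; trusted=$6

    printf 'iptables -N %s\n' "$chain"
    # Only NEW connections enter the chain; established flows are untouched.
    # For FTP this counts control-channel connects on port 21 only; passive
    # data connections land on high ports and are never counted.
    printf 'iptables -A INPUT -p tcp --dport %s -m state --state NEW -j %s\n' "$port" "$chain"
    # A trusted source leaves the chain before being counted, so an admin
    # who reconnects several times in a row is never dropped.
    if [ -n "$trusted" ]; then
        printf 'iptables -A %s -s %s -j RETURN\n' "$chain" "$trusted"
    fi
    # --set records this packet's source; --update then checks hits within
    # SECONDS. Because --set runs first, the current connection already
    # counts: with hitcount 2 the *second* NEW connection from a source in
    # the window is dropped, which also hits a legitimate user who reconnects.
    printf 'iptables -A %s -m recent --set --name %s\n' "$chain" "$list"
    printf 'iptables -A %s -m recent --update --seconds %s --hitcount %s --name %s -j DROP\n' \
        "$chain" "$seconds" "$hitcount" "$list"
}

# Show the sources the kernel is currently tracking for LIST (xt_recent
# exposes them under /proc/net/xt_recent/; older kernels used ipt_recent).
show_recent_list() {
    list=$1
    for f in /proc/net/xt_recent/"$list" /proc/net/ipt_recent/"$list"; do
        [ -r "$f" ] && { cat "$f"; return 0; }
    done
    echo "recent list '$list' not found (module not loaded or no hits yet)" >&2
    return 1
}

# Review the generated rules before piping them into sh. 192.0.2.0/24 is a
# placeholder for the admin's own network, not a value from the thread.
gen_recent_rules 22 SSHSCAN SSH 300 2 192.0.2.0/24
gen_recent_rules 21 FTPSCAN FTP 300 2 192.0.2.0/24
```

Raising `--hitcount` (or lowering `--seconds`) loosens the throttle for legitimate reconnects while still catching a sustained guessing run; `show_recent_list SSH` shows who is currently being counted.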