On Fri, 2009-06-05 at 22:29 -0600, Ashley M. Kirchner wrote: > I currently have one system I'm testing the following rules on: > > iptables -N SSHSCAN > iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN > iptables -A SSHSCAN -m recent --set --name SSH > iptables -A SSHSCAN -m recent --update --seconds 300 --hitcount 2 > --name SSH -j DROP > > > And just by watching it for the past few days, those rules seem to > work pretty well. So, it made me wonder, can I apply the same rules for > FTP and e-mail (with the correct port information of course.) > > I get *a lot* of failed FTP attempts. Especially when the sun comes > up in Asia. And then there's the e-mail spam that also doesn't stop. > So, can I take those same set of rules above, replace the port number > and name, and have them work for FTP and e-mail as well? > > Am I overlooking something really obvious? > I downloaded and use fail2ban for email, ftp, ssh and others, it works fairly well and is customizable using your /var/log/secure and /var/log/maillog as well as the ftp log to automatically ban people with iptables. If you do get it, you can ban them in seconds, but if you use -1 it will permanently ban them. Thanks, Kevin -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
