I'm learning about iptables...

I find the same IP address sometimes 100 times or more, trying the same user name. After reading and applying much of the help in Google I have tried and failed to achieve a successful result.

For example, /var/log/btmp shows:

    user ssh:notty Thu Nov 10 17:10 - 17:10 (00:00) hn.vtc.vn
        some 30 times
    user ssh:notty Thu Nov 10 17:10 - 00:20 (1+07:10) hn.vtc.vn
        3 times with varying duration.
    user ssh:notty Thu Nov 10 13:14 - 17:07 (03:53) 58.250.71.43
        25 times with varying duration.

and similar, page after page.

Is there a way to limit:
- the number of login attempts to 2,
- the duration of a login attempt to 3 seconds or less,
- the number of times a username can be tried; I'd prefer it set at 2 and then not again for 24 hours if it fails.

Also, is there a way to DROP IP addresses after 2 attempts and not allow that IP address for, say, 24 hours?

I did not find anything about this in the tutorials. iptables does not seem difficult to grasp, but I am completely stumped on how to create tighter limits.

In part I have:

    DROP tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: UPDATE seconds: 90 hit_count: 4 TTL-Match name: SSH1 side: source

And I have tried seconds between 5 and 90 but find even login attempts of 2-5 minutes are not dropped. With hit_count set between 1 and 4 I still see 30+ attempts using the same username.

Help gratefully appreciated.

Thanks,
Roger
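Added example, not part of the original post: a shell function that prints, in the order they must sit in the chain, the rules the `recent` match needs to drop a source for 24 hours after two new SSH connections. The list name SSH1 and the TTL match come from the post; port 22, the INPUT chain and both function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). List name SSH1 comes from the
# post; port 22, the INPUT chain and both function names are assumptions.

LIST=SSH1
PORT=22

# ssh_limit_rules [MAX_NEW] [WINDOW_SECONDS]
# Prints three rule specs, in the order they must appear in the chain.
ssh_limit_rules() {
    max_new=${1:-2}
    window=${2:-86400}            # 24 hours
    match="-p tcp --dport $PORT -m state --state NEW -m recent --name $LIST"

    # 1. Record every NEW connection from this source. There is no -j target,
    #    so the packet continues to the next rule.
    echo "-A INPUT $match --set"

    # 2. Drop once the source has more than max_new entries inside the window.
    #    --hitcount N matches on the Nth hit, so N = max_new + 1.
    #    --update re-stamps the entry on each match, so a source that keeps
    #    trying stays blocked.
    echo "-A INPUT $match --update --seconds $window --hitcount $((max_new + 1)) --rttl -j DROP"

    # 3. Anything that reaches this rule is within the limit.
    echo "-A INPUT -p tcp --dport $PORT -m state --state NEW -j ACCEPT"
}

# Load the rules (needs root). Defined only; nothing calls it automatically.
apply_ssh_limit() {
    ssh_limit_rules "$@" | while read -r spec; do
        # Word splitting of $spec is intentional: each spec is a flat argument list.
        iptables $spec
    done
}
```

The `recent` list counts new TCP connections, not password guesses; how many guesses fit inside one connection, and how long an unauthenticated connection may stay open, are bounded by `MaxAuthTries` and `LoginGraceTime` in sshd_config.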