On 06/29/2017 06:48 PM, Doug wrote:
On 06/29/2017 08:32 PM, JD wrote:
On 06/29/2017 07:10 PM, jdow wrote:
iptables -t filter -A IN_public_deny -p tcp --dport pop3s --syn -m
recent --name pop3s_attack --rcheck --seconds 90 --hitcount 2 -j LOG
--log-prefix 'SSH2 REJECT: ' --log-level info
My iptables replied:
iptables: No chain/target/match by that name.
How is it created?
How is WHAT created? I'm snowed!
Hi Doug,
Before you give up look at this.
That looks a firewalld chain name (guessing). If it doesn't recognize
it you're probably not running it.
If you want to use iptables (the built-in kernel firewall) and watch SSH
connections the rules would look like:
iptables -A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK
SYN -m recent --rcheck --seconds 90 --hitcount 2 --name DEFAULT --mask
255.255.255.255 --rsource -j LOG --log-prefix "POSSIBLE SSH ATTACK"
--log-level 6
iptables -A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK
SYN -m recent --rcheck --seconds 90 --hitcount 2 --name DEFAULT --mask
255.255.255.255 --rsource -j DROP
The first rule LOGS the event and the second one drops the connection.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
