RE: [CentOS] Re: IPTables Blocking Brute Forcers




On 07:09, Fri 17 Nov 06, Sudev Barar wrote:
> >You can use IPTables to limit the rate of connections.  I allow only 2
> >connections from a given IP address within each 3 minute period.
> >
> >I know this is sloppy and lazy but can you post your iptables line
> >that does this?
>
>
> # Don't have a limit on my_trusted_domain 
> iptables -A INPUT -p tcp -s my_trusted_domain.org --dport 22 -j ACCEPT

Just a little note, I believe domain names (like my_trusted_domain.org,
or domain.com) should not be used in the iptables config. You should
stick to IP addresses only. 

This is because at boot time, the iptables module is loaded in the
kernel before DNS-related modules, which could have a significant impact
(say you allow everything from yourself from outside the box using a
domain... well you risk a lockout as it won't resolve..! ;)

Hope this helps!


Seb.
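
A small lint for the point above, as an added example that is not part of the original post: it scans iptables commands or iptables-save lines and reports every `-s`/`-d` argument that is not an IP address or network, since iptables has to resolve such names at the moment the rule is loaded. The function names and the sample rules are constructed for illustration; the IP addresses are documentation-range placeholders.

```python
import ipaddress
import shlex

# Flags whose argument is an address, network, or (the risky case) a hostname.
ADDR_FLAGS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}

def is_ip_literal(value):
    """True if value is an IPv4/IPv6 address or network (CIDR or netmask form)."""
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False

def find_hostname_rules(text):
    """Return (line_no, flag, value) for each -s/-d argument that is not an IP literal."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:
            continue  # unbalanced quotes: not a rule this lint can parse
        for i, tok in enumerate(tokens[:-1]):
            if tok not in ADDR_FLAGS:
                continue
            j = i + 1
            # Older syntax allows "-s ! addr"; step over the negation marker.
            if tokens[j] == "!" and j + 1 < len(tokens):
                j += 1
            # A single -s/-d may carry a comma-separated list.
            for value in tokens[j].split(","):
                if not is_ip_literal(value):
                    findings.append((line_no, tok, value))
    return findings

# Constructed sample: the rule quoted in the thread plus hypothetical neighbours.
SAMPLE_RULES = """\
# Don't have a limit on my_trusted_domain
iptables -A INPUT -p tcp -s my_trusted_domain.org --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 192.0.2.10 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 198.51.100.0/24,domain.com --dport 22 -j ACCEPT
-A INPUT -s ! 203.0.113.0/255.255.255.0 -p tcp --dport 22 -j DROP
"""

if __name__ == "__main__":
    for line_no, flag, value in find_hostname_rules(SAMPLE_RULES):
        print(f"line {line_no}: {flag} {value} is a hostname, not an IP address")
```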


