Re: Simple IPTABLES Question




Hi,

On Tue, Aug 19, 2008 at 21:23, MHR <mhullrich@xxxxxxxxx> wrote:
>> Another approach is to create a subchain that just logs and drops (no match
>> rules), and in your main chain you match on the desired packet and jump to
>> the subchain. That eliminates the need to maintain the same match in two
>> places, and reduces the number of rules a non-dropped packet has to pass
>> through.
>
> Could you post a sample, using the OP's example as a base?

Sure!

# create a chain to log and drop
iptables -N LOGANDDROP
# in that chain, log and then drop any packet that gets there
iptables -A LOGANDDROP -j LOG --log-prefix 'SSH attack: '
iptables -A LOGANDDROP -j DROP
# and in INPUT, send any new SSH packet from a source with 5 or more
# hits within the last minute to that chain
# (the OP's "-m recent --set --name SSH" rule must come before this one:
# --update only matches addresses that are already on the list)
iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
              -m recent --update --seconds 60 --hitcount 5 \
              --rttl --name SSH -j LOGANDDROP

The name LOGANDDROP could probably be improved... Maybe SSHATTACK
would be more appropriate.

HTH,
Filipe
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
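The complete ruleset behind the subchain pattern above, as an added example that is not part of the original post. The chain name, the "SSH" recent list, the 5-hits-in-60-seconds threshold and the log prefix are taken from the post; the `-m recent --set` rule that populates the list (the part the post leaves to the OP's example), the `-m limit` clause on the LOG rule and the `conntrack` spelling of `--state NEW` are assumptions. The script prints the rules in iptables-restore format for review and only loads them when APPLY=1 (which requires root).

```shell
#!/bin/sh
# Added example, not from the original post. Emits the full LOGANDDROP ruleset
# in iptables-restore format; loads it only when APPLY=1 (requires root).
gen_rules() {
    cat <<'EOF'
*filter
:LOGANDDROP - [0:0]
# Subchain: log with a searchable prefix (rate-limited so a flood of matches
# cannot fill the log), then drop. Assumed addition: the -m limit clause.
-A LOGANDDROP -m limit --limit 5/minute --limit-burst 10 -j LOG --log-prefix "SSH attack: "
-A LOGANDDROP -j DROP
# Assumed from the OP's example: every new SSH connection records its source
# address in the "SSH" recent list. Without this rule, --update never matches.
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name SSH
# If that source already has 5 hits within 60 s, hand the packet to the
# subchain; --rttl also requires the TTL to match the one recorded by --set,
# so spoofed packets are less likely to get a third party blocked.
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 5 --rttl --name SSH -j LOGANDDROP
COMMIT
EOF
}

# Review checks before loading: the jump target chain is declared, and the
# list is populated (--set) before it is consulted (--update).
check_rules() {
    rules=$(gen_rules)
    printf '%s\n' "$rules" | grep -q '^:LOGANDDROP ' || return 1
    set_line=$(printf '%s\n' "$rules" | grep -n -- '--set --name SSH' | head -n 1 | cut -d: -f1)
    upd_line=$(printf '%s\n' "$rules" | grep -n -- '--update .*--name SSH' | head -n 1 | cut -d: -f1)
    [ -n "$set_line" ] && [ -n "$upd_line" ] && [ "$set_line" -lt "$upd_line" ]
}

if ! check_rules; then
    echo "ruleset failed sanity check" >&2
    exit 1
fi
if [ "${APPLY:-0}" = "1" ]; then
    # --noflush merges these rules into the live filter table instead of replacing it
    gen_rules | iptables-restore --noflush
else
    gen_rules
fi
```

After loading, `iptables -L LOGANDDROP -v -n` shows the packet counters on the subchain, which is the quickest way to confirm the jump is being taken.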
