On Tue, 2005-08-09 at 09:00 -0700, Brian Gaynor wrote:
> On Tue, 2005-08-09 at 09:39 -0600, Kevin Fenzi wrote:
> >
> > $IPTABLES -A INPUT -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT
>
> I've used similar rules for some time now and they've proven very
> effective. The only problem I've run into is with subversion over SSH,
> it generates a lot of short connections sometimes (for example when
> browsing a repository) and can look like an attack to this kind of
> block.

That issue has been addressed by the newly released openssh-4.2

http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html

Quote:

- Many bugfixes and improvements to connection multiplexing, including:
  - Added ControlMaster=auto/autoask options to support opportunistic
    multiplexing (see the ssh_config(5) manpage for details).

-- 
Florin Andrei
http://florin.myip.org/
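Added example, not part of the original thread and not iptables code: a simplified Python model of the per-source token bucket behind the quoted `--hashlimit 1/min` rule, showing why a burst of short svn+ssh connections stops matching the ACCEPT rule while a multiplexed session (ControlMaster=auto) does not. It assumes the iptables default burst of 5, that only new SSH connections reach the rule, and a constructed workload and source address.

```python
RATE_PER_MIN = 1   # --hashlimit 1/min, from the quoted rule
BURST = 5          # iptables default for --hashlimit-burst (not set in the rule)


class HashLimit:
    """Simplified model of --hashlimit-mode srcip: one token bucket per source."""

    def __init__(self, rate_per_min=RATE_PER_MIN, burst=BURST):
        self.refill_per_sec = rate_per_min / 60.0
        self.burst = burst
        self.buckets = {}  # srcip -> (tokens, time of last packet)

    def matches(self, srcip, now):
        """True if a NEW connection at time `now` (seconds) matches the rule."""
        tokens, last = self.buckets.get(srcip, (float(self.burst), now))
        # Credit accrues while the source is quiet, capped at the burst size.
        tokens = min(self.burst, tokens + (now - last) * self.refill_per_sec)
        ok = tokens >= 1.0
        if ok:
            tokens -= 1.0  # each accepted connection costs one token
        self.buckets[srcip] = (tokens, now)
        return ok


def count_accepted(connect_times, srcip="192.0.2.10"):
    """Number of connection attempts from one source that hit -j ACCEPT."""
    limiter = HashLimit()
    return sum(limiter.matches(srcip, t) for t in connect_times)


# Constructed workload: browsing a repository opens 12 SSH connections, 2 s apart.
SVN_BROWSE = [i * 2.0 for i in range(12)]
# With connection multiplexing, later sessions reuse the first TCP connection,
# so the firewall sees a single NEW connection.
MULTIPLEXED = SVN_BROWSE[:1]

if __name__ == "__main__":
    print("separate connections accepted:", count_accepted(SVN_BROWSE), "of", len(SVN_BROWSE))
    print("multiplexed connections accepted:", count_accepted(MULTIPLEXED), "of", len(MULTIPLEXED))
```

Connections that do not match fall through to whatever rule or chain policy follows the quoted line, which is what makes the svn client look blocked.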