> Brent Clark wrote:
> > Would you be so kind as to copy and paste your ruleset for this.
> No problem, here's my variation, based on Taylor Grant's ruleset
>
> $ipt -N SSH_Brute_Force
> $ipt -A INPUT -p tcp --dport 22 -m state --state NEW -s ! $MyIP -j SSH_Brute_Force
> $ipt -A SSH_Brute_Force -m recent --set --name SSH
> $ipt -A SSH_Brute_Force -m recent ! --rcheck --name SSH --seconds 60 --hitcount 3 -j RETURN
> $ipt -A SSH_Brute_Force -m recent --name SSH --update
> $ipt -A SSH_Brute_Force -j LOG --log-prefix "SSH Brute Force Attempt: "
> $ipt -A SSH_Brute_Force -j DROP
>
> I am forced to use DROP here instead of TARPIT as the TARPIT isn't
> supported yet for the 2.6.x kernel branch
>

Is this true that Tarpit does not work with 2.6 kernels? I was going to give it a try on one of my non-production firewalls.

Thanks,
Jim
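
The SSH_Brute_Force chain quoted above, replayed over constructed connection times as an added example that is not part of the original message or of netfilter. It is a simplified Python model of the recent match; the class and function names, the sample addresses and the 20-entry timestamp cap are assumptions of the example.

```python
from collections import deque

WINDOW = 60      # --seconds 60
HITCOUNT = 3     # --hitcount 3
MAX_STAMPS = 20  # assumed per-address timestamp cap (ip_pkt_list_tot default)


class RecentList:
    """Simplified model of one named `recent` list (here: SSH)."""

    def __init__(self):
        self.stamps = {}  # source IP -> deque of timestamps

    def set(self, src, now):
        # --set: create the entry if needed and record a timestamp.
        self.stamps.setdefault(src, deque(maxlen=MAX_STAMPS)).append(now)

    def rcheck(self, src, now, seconds=None, hitcount=1):
        # --rcheck: count timestamps inside the window, compare to hitcount.
        entry = self.stamps.get(src, ())
        hits = sum(1 for t in entry if seconds is None or t >= now - seconds)
        return hits >= hitcount

    def update(self, src, now):
        # --update: like --rcheck, and records a new timestamp on a match.
        if self.rcheck(src, now):
            self.stamps[src].append(now)
            return True
        return False


def ssh_brute_force(recent, src, now):
    """Walk one NEW tcp/22 packet through the SSH_Brute_Force chain."""
    recent.set(src, now)                               # rule 1: --set
    if not recent.rcheck(src, now, WINDOW, HITCOUNT):  # rule 2: -j RETURN
        return "RETURN"
    recent.update(src, now)                            # rule 3: --update
    return "DROP"                                      # rules 4-5: LOG, DROP


def replay(events):
    """events: iterable of (seconds, source IP); returns the verdicts."""
    recent = RecentList()
    return [ssh_brute_force(recent, src, t) for t, src in events]


# Constructed sample traffic: (time in seconds, source address).
SAMPLE = [(0, "192.0.2.10"), (10, "192.0.2.10"), (20, "192.0.2.10"),
          (25, "198.51.100.7"), (30, "192.0.2.10"), (85, "192.0.2.10"),
          (150, "192.0.2.10")]
```

In this model each dropped packet records two timestamps (rule 1 and rule 3), so the attempt at t=85 is still dropped 55 seconds after the previous one, and the source is only let through again once it has been quiet for more than 60 seconds.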