Why is this update here (see below)?
$ipt -A SSH_Brute_Force -m recent --name SSH --update
Every time a packet passes the --set rule it updates SSH. So if I drop this rule,
nothing changes. Or am I wrong? Is there any idea behind this that I missed?
The "--set" rule is required because, in the testing that I did, the "--update" rule would not effectively do the same thing as "--set" because there was no initial "--set" to be updated. It's sort of a chicken and egg problem where you cannot successfully have one without having the other in this scenario. The only drawback to having the "--set" that I'm aware of is that the hit count is incremented once per "--set" and "--update", thus you have to double the "--hitcount" value that you want to match against.
Grant. . . .
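
A simplified Python model of the `recent` list behaviour discussed in this thread, added here as an example; it is not part of the original messages and not the iptables code. The rule order (`--set`, then a bare `--update`, then an `--rcheck` with `--seconds 60` and a `--hitcount`), the helper names and the address 192.0.2.10 are assumptions.

```python
class RecentList:
    """Simplified model of one named `recent` list (e.g. --name SSH)."""
    def __init__(self):
        self.stamps = {}  # source address -> list of recorded timestamps

    def set(self, addr, now):
        # --set: create the entry if it is missing, record a timestamp, always match
        self.stamps.setdefault(addr, []).append(now)
        return True

    def rcheck(self, addr, now, seconds=None, hitcount=None):
        # --rcheck: match only if the address is already listed; never writes
        if addr not in self.stamps:
            return False
        hits = [t for t in self.stamps[addr] if seconds is None or now - t <= seconds]
        if hitcount is None:
            return seconds is None or bool(hits)
        return len(hits) >= hitcount

    def update(self, addr, now, seconds=None, hitcount=None):
        # --update: same test as --rcheck, but a match also records a timestamp
        matched = self.rcheck(addr, now, seconds, hitcount)
        if matched:
            self.stamps[addr].append(now)
        return matched


def first_blocked_packet(hitcount, use_set, use_bare_update, packets=10,
                         addr="192.0.2.10"):  # constructed sample address
    """Return the 1-based packet number at which the hitcount check first matches."""
    lst = RecentList()
    for n in range(1, packets + 1):
        now = n  # constructed traffic: one new connection per second
        if use_set:
            lst.set(addr, now)
        if use_bare_update:
            lst.update(addr, now)
        if lst.rcheck(addr, now, seconds=60, hitcount=hitcount):
            return n
    return None


if __name__ == "__main__":
    print("--update only, hitcount 4:  ", first_blocked_packet(4, False, True))
    print("--set only, hitcount 4:     ", first_blocked_packet(4, True, False))
    print("--set + --update, hitcount 4:", first_blocked_packet(4, True, True))
    print("--set + --update, hitcount 8:", first_blocked_packet(8, True, True))
```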