Would this version be more to your liking? I'm just trying to evolve this script to answer as many of the questions / concerns that are being posed on the list. iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name SSH --set --rsource -j SSH_Brute_Force iptables -A SSH_Brute_Force -s $My_Home_Firewall_IP -j RETURN iptables -A SSH_Brute_Force -s $My_Office_Firewall_IP -j RETURN iptables -A SSH_Brute_Force -s $My_Girlfriends_Firewall_IP list -j RETURN iptables -A SSH_Brute_Force -m recent ! --rcheck --seconds 60 --hitcount 3 --name SSH --rsource -j RETURN iptables -A SSH_Brute_Force -j LOG --log-prefix "SSH Brute Force Attempt: " iptables -A SSH_Brute_Force -p tcp -j TARPIT I have tested this script on my home firewall and have found it to work the way that it is intended, so give it a try and see what you think. Any and all feedback is welcome and appreciated. Grant. . . .
