I'm working on a re-write of the SSH_Brute_Force chain on my home firewall. This rewrite will be VERY different and should be the foundation for much growth and adaptation in to other things as well. The basic idea behind it is to use a multi level triggering system. Restated in english if you trigger the first level you are banned for a specific amount of time. If you trip the first level and are banned for the specified amount of chem and then re trip the first level you are then banned at the second level and banned for a longer time. At present my levels are as follows, 1 minute, 1 hour, 1 day, 1 week, 1 month, 1 year and then permanent ban. I'm also adding IPs to a recent list that can be checked by other chains early on in the chain set out side of the SSH_Brute_Force chain. Needless to say it's very complex and I'm doing some testing to make sure that it works the way that I want it to. Once I get it working I'll either post it to this thread or start a new one
with an appropriate subject. I'm trying to include some functionality or the capability of the functionality of Portsentry as you have requested.
I'm not sure if /etc/hosts.deny will prevent packets from entering IPTables or not as I thought that the file was read by user space daemons as a list of IPs to never talk to, not necissarly to the IP table to deny access to. I could be wrong on this though.
Grant. . . .
