>> My config does not appear to be dropping unauthorised IPs - in my >> logwatch file I am still getting lines like: >> >> Failed logins from: >> 211.238.253.248: 54 times >> >> Illegal users from: >> 202.110.131.27: 1 time >> 211.238.253.248: 164 times > > I'm not familiar with logwatch. Are these SSH, telnet, other? I > assume SSH, because new telnet connections are allowed in with > this rule: > >> -A INPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 25 >> --syn -j ACCEPT Huh..? Not to nitpick or anything, but dport 25 is smtp and dport 23 is telnet. IMHO this rule will not allow telnet. Gr, Rob
