Dear list,

Could someone please help me identify the problem in my ssh overflow blacklisting rule sets?

I already have these rule sets to prevent ssh overflow. Please note my firewall has a default DROP policy.

#---------------- ssh incoming----------------#
# NB: Block the overflow ip for 3 min
# max 3 connection per min per ip
iptables -A INPUT -p tcp -m state --state NEW --dport $SSH_PORT -m hashlimit \
    --hashlimit 3/min --hashlimit-burst 1 --hashlimit-htable-expire 180000 \
    --hashlimit-mode srcip --hashlimit-name sshlimit -j ACCEPT
#----------------------------------------#

As expected, connection attempts beyond 3 in a minute are dropped, ensuring only 3 connections per minute. But it should also block the source IP for 3 min, and this part is not working here.

Could anyone kindly suggest any clue or reason behind this?

Thanks

--
জয়দীপ বক্সী
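
Added example, not part of the original message: a simplified Python model of the per-source token bucket that iptables-extensions(8) describes for the hashlimit match, run with the posted values, next to a variant where a timed block list is checked before the limit. The Bucket class, the function names, the block-list variant and the sample arrival times are assumptions made for illustration; this is not kernel code.

```python
# Simplified model (an assumption, not kernel code) of the per-source token
# bucket described for the hashlimit match in iptables-extensions(8).
RATE_PER_MIN = 3      # --hashlimit 3/min
BURST = 1             # --hashlimit-burst 1
EXPIRE_S = 180.0      # --hashlimit-htable-expire 180000 (milliseconds)
REFILL_S = 60.0 / RATE_PER_MIN   # one token comes back every 20 s


class Bucket:
    """Hash-table entry for one source IP."""

    def __init__(self):
        self.tokens = None   # None: no entry exists yet
        self.last = None     # time of the last packet seen from this IP

    def allow(self, t):
        if self.last is None or t - self.last >= EXPIRE_S:
            # No entry, or it sat idle until it expired: start with a full bucket.
            self.tokens = float(BURST)
        else:
            self.tokens = min(float(BURST), self.tokens + (t - self.last) / REFILL_S)
        self.last = t        # every packet refreshes the entry
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True      # rule matches: -j ACCEPT
        return False         # no match: packet falls through to the DROP policy


def hashlimit_only(arrivals):
    """Verdicts for the posted rule alone."""
    bucket = Bucket()
    return [bucket.allow(t) for t in arrivals]


def with_block_list(arrivals, block_s=180.0):
    """Hypothetical variant: a timed block list is checked before the limit."""
    bucket, blocked_until, verdicts = Bucket(), float("-inf"), []
    for t in arrivals:
        if t < blocked_until:
            verdicts.append(False)          # still listed: dropped outright
        elif bucket.allow(t):
            verdicts.append(True)
        else:
            blocked_until = t + block_s     # over the limit: list the source
            verdicts.append(False)
    return verdicts


# Constructed sample: NEW connection times in seconds from one source IP.
SAMPLE = [0, 5, 10, 20, 25, 40, 100, 190]

if __name__ == "__main__":
    print("hashlimit only :", hashlimit_only(SAMPLE))
    print("with block list:", with_block_list(SAMPLE))
```

In this model the expire value only decides how long an idle entry is kept, so with the posted rule alone the source is accepted again as soon as a token has refilled (t=20, 40, 100), while the block-list variant stays closed until t=190.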