On Sat, 2011-10-22 at 17:33 +0200, Azerty Ytreza wrote:
> **********************************************************************************************
> > Just mean gateway/firewall server that all the traffic passes through.
> >
> > No doesn't work ... The port is blocked when I try these rules (copy
> > of the INPUT rules):
> >
> > iptables -A FORWARD -i eth1 -p tcp -m tcp --dport 443 -m state --state NEW -m recent --set
> > iptables -A FORWARD -i eth1 -p tcp -m tcp --dport 443 -m state --state NEW -m recent --update --seconds 600 --hitcount 1 -j DROP
>
> You've got a hitcount of 1. Don't you mean 10 as you had in your first
> set of rules?
>
> Yes it's for test. The first time should work, the second request
> should be blocked for 600 sec.

Hitcount matches when the number of packets is greater than or *equal*, so
defining a number of "1" will always match.

Also, hitcount refers to the number of packets, so you'll need a rule in there
to only apply the DROP to NEW connections, otherwise you'll block a
successful connection as soon as that number of packets has been sent.

This website is quite good:
http://thiemonagel.de/2006/02/preventing-brute-force-attacks-using-iptables-recent-matching/
Although you'll have to change INPUT to FORWARD.

Andy
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
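Added example, not part of the thread above and not code from the netfilter project: a small Python model of how the `recent` match accounts for `--set` and `--update --seconds --hitcount`, run against the two-rule pattern in the thread (first `--set`, then `--update ... -j DROP`, both restricted to NEW). It shows the point Andy makes: the hitcount test is "greater than or equal", so with `--hitcount 1` the stamp that `--set` just recorded already satisfies the DROP rule and even the first connection is blocked; with `--hitcount 10` the first nine NEW connections in the 600 s window pass and the tenth is dropped, and once the window has expired the source is admitted again. It also shows what happens when the two rules are not limited to NEW packets: the packets of one successful connection are counted and the connection is cut off after ten of them. The modelled semantics are: `--set` always records a timestamp for the source; `--update` matches when at least `--hitcount` timestamps are no older than `--seconds`, and records a new timestamp only when it matched; a rule without `-j` matches and lets traversal continue. The 20-entry per-address stamp ring and the check that `--hitcount` cannot exceed it are the assumed `ip_pkt_list_tot` module default; the source address and timings are constructed sample traffic.

```python
"""Model of iptables' 'recent' match accounting (--set / --update --seconds
--hitcount) for the set-then-update-DROP rule pair used in the thread.
Timestamps are plain seconds; the 20-stamp ring is the assumed
ip_pkt_list_tot default."""
from collections import defaultdict, deque

IP_PKT_LIST_TOT = 20  # assumed module default: stamps kept per source address


class RecentTable:
    """Per-address timestamp ring, standing in for one xt_recent --name table."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=IP_PKT_LIST_TOT))

    def set(self, src, now):
        # --set: create the entry if needed and record this packet's time.
        self.stamps[src].append(now)
        return True

    def update(self, src, now, seconds, hitcount):
        # --update --seconds S --hitcount N: match only if the source is known
        # and at least N recorded stamps are no older than S seconds.
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= seconds)
        matched = hits >= hitcount  # ">=": right after --set, --hitcount 1 always matches
        if matched:
            self.stamps[src].append(now)  # --update refreshes "last seen" only on a match
        return matched


def make_chain(hitcount, seconds=600, new_only=True):
    """Build the thread's rule pair: '--set' first, then '--update ... -j DROP'.
    new_only=True models '-m state --state NEW' on both rules."""
    if hitcount > IP_PKT_LIST_TOT:
        raise ValueError("hitcount exceeds the stamp list; raise ip_pkt_list_tot")
    return [
        {"new_only": new_only, "match": "set"},
        {"new_only": new_only, "match": "update", "seconds": seconds,
         "hitcount": hitcount, "target": "DROP"},
    ]


def run_chain(chain, packets):
    """Return one verdict per (time, src, state) packet; ACCEPT is the chain policy."""
    table = RecentTable()
    verdicts = []
    for now, src, state in packets:
        verdict = "ACCEPT"
        for rule in chain:
            if rule["new_only"] and state != "NEW":
                continue
            if rule["match"] == "set":
                table.set(src, now)  # no -j target: side effect only, keep traversing
            elif rule["match"] == "update" and table.update(
                    src, now, rule["seconds"], rule["hitcount"]):
                verdict = rule["target"]
                break
        verdicts.append(verdict)
    return verdicts


def new_connections(src, times):
    """Constructed sample traffic: one NEW connection attempt at each listed second."""
    return [(t, src, "NEW") for t in times]


if __name__ == "__main__":
    client = "192.0.2.10"  # constructed client address
    # --hitcount 1 as posted in the thread: every attempt, including the first, is dropped.
    print(run_chain(make_chain(1), new_connections(client, range(3))))
    # --hitcount 10: nine attempts pass, the tenth and later ones are dropped.
    print(run_chain(make_chain(10), new_connections(client, range(12))))
    # After the 600 s window the old stamps no longer count and the client is admitted.
    print(run_chain(make_chain(10), new_connections(client, list(range(10)) + [700])))
    # Without the NEW restriction, a single connection's own packets get counted.
    one_conn = [(0, client, "NEW")] + [(t, client, "ESTABLISHED") for t in range(1, 11)]
    print(run_chain(make_chain(10, new_only=False), one_conn))
    print(run_chain(make_chain(10), one_conn))
```

The model deliberately keeps the thread's rule order (`--set` before `--update`), so the packet that creates the tenth stamp is the one that gets dropped; swapping the two rules would shift that by one attempt. Because a matching `--update` also records a stamp, a client that keeps retrying while blocked keeps extending its own block, which is the behaviour the poster is after.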