Re: blocking ips with iptables accessing invalid URL

On Wed, 08-07-2009 at 12:31 +0200, ESGLinux wrote:
> 2009/7/8 Manuel Aróstegui <manuel@xxxxxxxxxxxxxx>
> 
> I like this kind of solution but I think these rules don't work. With them
> the webserver does not respond to a single petition.
> 
> I have loaded this in my test computer:
> 
> iptables -N APACHE_CHECK
> iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j APACHE_CHECK
> iptables -A APACHE_CHECK -m state --state NEW -m recent --set --name APACHE
> 
> iptables -A APACHE_CHECK -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name APACHE
> 
> iptables -A APACHE_CHECK -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 4 --name APACHE -j LOG
> 
> iptables -A APACHE_CHECK -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 4 --name APACHE -j DROP
> 
> I have added the rule to log when the packets are dropped and it logs every
> packet, what is wrong?
> 
> 
> Thanks for your answer

It works fine in my SSH server.
Try adding all the rules one by one so we can "debug" a little bit the
rule that's stopping your webserver from receiving petitions.


Manuel.
-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, might not be read every day, and should not
be used for urgent or sensitive issues.

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
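
The rule set quoted above can be reasoned about offline before it is loaded rule by rule. The following simulation is an added example, not code from the thread: it assumes the `recent` match semantics documented for iptables (`--set` records a timestamp and always matches; `--rcheck` and `--update` match once the source has `--hitcount` timestamps within `--seconds`; a matching `--update` records another timestamp), and the class and function names, addresses and arrival times are constructed.

```python
from collections import defaultdict

SECONDS, HITCOUNT = 60, 4      # values from the quoted rules
MAX_STAMPS = 20                # assumed per-address timestamp limit of the recent module

class RecentList:
    """Per-source timestamps, as kept by one '--name APACHE' list (hypothetical model)."""
    def __init__(self):
        self.stamps = defaultdict(list)

    def _record(self, src, now):
        self.stamps[src].append(now)
        del self.stamps[src][:-MAX_STAMPS]      # keep only the newest entries

    def set(self, src, now):                    # --set: record and always match
        self._record(src, now)
        return True

    def rcheck(self, src, now):                 # --rcheck --seconds 60 --hitcount 4
        recent = [t for t in self.stamps.get(src, ()) if t >= now - SECONDS]
        return len(recent) >= HITCOUNT

    def update(self, src, now):                 # --update: like rcheck, records on match
        matched = self.rcheck(src, now)
        if matched:
            self._record(src, now)
        return matched

def apache_check(recent, src, now):
    """Verdict of the chain for one NEW packet from src at time now (seconds)."""
    recent.set(src, now)            # rule 1: no target, falls through
    recent.update(src, now)         # rule 2: no target, falls through
    if recent.rcheck(src, now):     # rules 3 and 4: LOG, then DROP
        return "DROP"
    return "RETURN"                 # end of chain: back to INPUT

def simulate(arrivals):
    """Run a list of (time, source) NEW packets through a fresh list."""
    recent = RecentList()
    return [apache_check(recent, src, t) for t, src in arrivals]

# Constructed traffic: (time in seconds, source address from a documentation range)
SPACED = [(t, "198.51.100.7") for t in (0, 30, 60, 90, 120)]
BURST = [(t, "203.0.113.9") for t in (0, 0, 1, 1, 2, 2, 30, 200)]

if __name__ == "__main__":
    print("spaced:", simulate(SPACED))
    print("burst: ", simulate(BURST))
```

In this model the spaced sequence is never dropped, while the burst is dropped from its fourth connection and again on the retry at 30 s, because each attempt adds timestamps to the list.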
