From: Shorewall G. <sho...@co...> - 2009-01-17 15:45:37
Roberto C. Sánchez wrote:
> On Sat, Jan 17, 2009 at 09:06:30AM +0100, Gerhard Engler wrote:
>> for Interf in $WAN; do
>>     $IPTABLES_BIN -A INPUT -i $Interf -p tcp --dport 22 -m state --state NEW \
>>         -m recent --set --name SSH
>>     $IPTABLES_BIN -A INPUT -i $Interf -p tcp --dport 22 -m state --state NEW \
>>         -m recent --rcheck --seconds 60 --hitcount 4 --rttl --name SSH \
>>         -j REJECT --reject-with tcp-reset
>>     $IPTABLES_BIN -A INPUT -i $Interf -p tcp --dport 22 -m state --state NEW \
>>         -j ACCEPT
>> done
>>
>> How can I translate this in shorewall?
>>
> SSH/ACCEPT net $FW - - - - 4/min:4

That approach has the disadvantage that legitimate users are blocked out during an attack. The Limit builtin action (http://www.shorewall.net/PortKnocking.html#Limit) does what the OP is asking.
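The difference the reply points out, as an added example that is not part of the thread: a small Python model of the two policies. `global_rate_limit` imitates the `4/min:4` rate column (one token bucket shared by every source, like `-m limit --limit 4/min --limit-burst 4`), and `per_source_recent` imitates the OP's `-m recent --set` / `--rcheck --seconds 60 --hitcount 4` pair (a separate window per source address). The timeline, the addresses (documentation ranges) and the simplified semantics (no `--rttl` check, no cap on stored timestamps) are constructed assumptions for illustration, not Shorewall's or netfilter's code.

```python
from collections import defaultdict

# Constructed timeline of NEW SSH connection attempts: (time in seconds, source IP).
# 203.0.113.9 floods port 22 while the legitimate admin at 198.51.100.7
# tries to log in twice during the flood.
ATTEMPTS = [
    (0.0, "203.0.113.9"),
    (1.0, "203.0.113.9"),
    (2.0, "203.0.113.9"),
    (3.0, "203.0.113.9"),
    (4.0, "203.0.113.9"),
    (5.0, "198.51.100.7"),   # legitimate admin, first try
    (6.0, "203.0.113.9"),
    (7.0, "203.0.113.9"),
    (10.0, "198.51.100.7"),  # legitimate admin, retry
]


def global_rate_limit(attempts, rate_per_min=4, burst=4):
    """Model of the `4/min:4` rate limit (iptables `limit` match): ONE token
    bucket shared by all sources, refilled at rate_per_min, holding at most
    `burst` tokens.  Returns a list of (time, source, verdict)."""
    tokens = float(burst)
    last = attempts[0][0] if attempts else 0.0
    verdicts = []
    for t, src in attempts:
        # Refill for the time elapsed since the previous packet, capped at burst.
        tokens = min(float(burst), tokens + (t - last) * rate_per_min / 60.0)
        last = t
        if tokens >= 1.0:
            tokens -= 1.0
            verdicts.append((t, src, "ACCEPT"))
        else:
            verdicts.append((t, src, "REJECT"))
    return verdicts


def per_source_recent(attempts, hitcount=4, seconds=60):
    """Model of `-m recent --set --name SSH` followed by
    `-m recent --rcheck --seconds 60 --hitcount 4 --name SSH -j REJECT`:
    every source keeps its OWN list of timestamps.  The `--set` rule records
    the attempt first, so the hitcount-th attempt inside the window is the
    first one rejected.  (--rttl is not modelled; assumption for brevity.)"""
    seen = defaultdict(list)
    verdicts = []
    for t, src in attempts:
        seen[src].append(t)                                   # --set
        seen[src] = [x for x in seen[src] if t - x <= seconds]  # age out old hits
        if len(seen[src]) >= hitcount:                        # --rcheck --hitcount
            verdicts.append((t, src, "REJECT"))
        else:
            verdicts.append((t, src, "ACCEPT"))
    return verdicts


def verdicts_for(verdicts, src):
    """Verdict sequence for one source address, in order of arrival."""
    return [v for _, s, v in verdicts if s == src]


if __name__ == "__main__":
    for name, policy in (("4/min:4 (shared)", global_rate_limit),
                         ("recent hitcount 4/60s (per source)", per_source_recent)):
        result = policy(ATTEMPTS)
        print(f"{name}:")
        print("  attacker 203.0.113.9 :", verdicts_for(result, "203.0.113.9"))
        print("  admin    198.51.100.7:", verdicts_for(result, "198.51.100.7"))
```

Under the shared bucket the attacker drains all four tokens in the first four seconds, so both of the admin's attempts are rejected; under the per-source window the attacker is cut off from his fourth attempt onward while the admin's two attempts are accepted, which is the behaviour the OP's rules (and Shorewall's Limit action) provide.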