Subject: Re: iptables fw
Author: arulis
Date: 2011-09-14 08:27:14

"CodeC" <a@b.c> wrote in message news:j4od6b$n43$1@trimpas.omnitel.net...
> On 09/13/2011 10:42 PM, Belekas wrote:
>> www.fail2ban.org
>
> Thanks, but that doesn't suit me. I'd rather run the ssh server on a
> non-standard port. But I still hope that something can be built with iptables...
>
>>
>> On 2011.09.13 21:16, CodeC wrote:
>>> I set up a firewall with iptables. One problem remains unsolved:
>>> port 22 (ssh) is constantly being attacked.
>>>
>>> One of the solutions could be this:
>>>
>>> iptables -P INPUT ACCEPT
>>> iptables -P OUTPUT ACCEPT
>>> iptables -P FORWARD ACCEPT
>>>
>>> iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
>>> iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
>>>
>>>
>>> However, I use a DROP policy:
>>>
>>> iptables -P INPUT DROP
>>> iptables -P OUTPUT DROP
>>> iptables -P FORWARD DROP
>>>
>>> and then open what I need one by one. In that case the rules for port 22
>>> no longer make sense. How can the same thing (or at least something similar)
>>> be implemented using a DROP policy?
>>
>
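
An added example, not part of the original thread: one way to keep the quoted `recent` rate limit when all three policies are DROP is to follow the two `recent` rules with an explicit ACCEPT for new connections to port 22 and to allow established traffic in both directions. It assumes eth0 and port 22 as in the post and empty INPUT/OUTPUT chains; the `IPT` variable and the function name are hypothetical.

```shell
#!/bin/sh
# Added example: the thread's "recent" rate limit rebuilt for default-DROP policies.
# Assumptions: eth0 and port 22 as in the post; INPUT and OUTPUT chains start empty.
IPT="${IPT:-iptables}"   # set IPT=echo for a dry run that only prints the arguments

ssh_ratelimit_default_drop() {
    # Loopback and packets of already-accepted connections pass in both directions.
    # With OUTPUT policy DROP the sshd replies need the OUTPUT rule to leave the host.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 1. Record the source address of every NEW connection to port 22.
    $IPT -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW \
        -m recent --set --name SSH
    # 2. Drop a source that reaches 8 NEW connections within 60 seconds.
    $IPT -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW \
        -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
    # 3. A DROP policy accepts nothing implicitly, so whatever rule 2 did not
    #    drop must be accepted explicitly. This rule has to come after rule 2.
    $IPT -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Policies are set last so the ACCEPT rules exist before the default changes.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
}

# Apply only when asked for: sh script.sh --apply (as root).
if [ "${1:-}" = "--apply" ]; then
    ssh_ratelimit_default_drop
fi
```

Rule order is what makes this work: placing the ACCEPT before the `--update ... -j DROP` rule would let every new connection through and the rate limit would never be evaluated.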