[rhn-users] Iptables problem

jludwig wralphie at comcast.net
Wed Feb 22 03:30:10 UTC 2006


On Monday 20 February 2006 12:34, Alberto Ferrante wrote:
> Dear all,
> I have had a strange problem with iptables on RHEL 4. To avoid brute
> force ssh attacks I have set some rules in my iptables filters. For the
> INPUT chain I use the following rules:
> -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_attack
> -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
>
> While the SSH_attack chain is the following:
> -A SSH_attack -m state --state NEW -m recent --name SSH --set
> -A SSH_attack -m recent ! --rcheck --name SSH --seconds 60 --hitcount 5
> -j RETURN
> -A SSH_attack -m limit --limit 10/min -j ULOG --ulog-prefix "SSH Brute
> Force Attempt: "
> -A SSH_attack -p tcp -j DROP
>
> All of this usually works for a couple of days (30 or so); after that
> time the ssh port always ends up closed. There is no way, other than
> rebooting, to reset the filter. I tried to restart the iptables service
> (and unloading the related modules) but this doesn't help.
>
> I have the same rules set on a FC4-based machine and I have never had
> this problem, therefore I guess it is related to the RHEL kernels. I am
> up to date with the kernel and all the other packages. This problem has
> been there at least since last October when I first set this rule.
>
> I thank you in advance for your help.
>
> Regards,
> 	Alberto
I like the rule set but have no idea what is happening.
Are both sshd configurations the same, i.e. could the daemon be doing something
stupid or dying?
-- 
Some people have convictions.
Some people have opinions
I think I'll have a cheeseburger!
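To make the behaviour of the quoted SSH_attack chain easier to reason about, here is an added model of its `-m recent` logic written for this thread (not code from either poster, and not a reproduction of the RHEL failure described). It assumes the `recent` module keeps up to 20 timestamps per source address and that `--rcheck --seconds 60 --hitcount 5` matches when the source has at least 5 packets younger than 60 seconds; the ULOG rule is modelled as a no-op because it only logs.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # --seconds 60
HITCOUNT = 5          # --hitcount 5
PKT_LIST_TOT = 20     # timestamps kept per address (assumed module default)

class RecentTable:
    """Minimal model of one '-m recent --name SSH' list."""
    def __init__(self):
        self.hits = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, src, now):
        # --set: add the source (or refresh it) and record this packet's time
        self.hits[src].appendleft(now)

    def rcheck(self, src, now, seconds, hitcount):
        # --rcheck --seconds N --hitcount M: source is listed and at least
        # M of its recorded packets are younger than N seconds
        if src not in self.hits:
            return False
        return sum(1 for t in self.hits[src] if now - t < seconds) >= hitcount

def ssh_attack_chain(table, src, now):
    """Verdict of the posted SSH_attack chain for one NEW SYN to port 22."""
    table.set(src, now)                                       # rule 1: --set
    if not table.rcheck(src, now, WINDOW_SECONDS, HITCOUNT):  # rule 2: ! --rcheck -j RETURN
        return "RETURN"     # back to INPUT, where port 22 is ACCEPTed
    return "DROP"           # rule 3 only logs (ULOG); rule 4 drops

def run(events):
    """events: list of (timestamp_seconds, source_ip); returns one verdict per event."""
    table = RecentTable()
    return [ssh_attack_chain(table, src, t) for t, src in events]

# Constructed sample traffic: one source hammers the port, another connects once.
SAMPLE = [(0, "198.51.100.7"), (5, "198.51.100.7"), (10, "198.51.100.7"),
          (15, "198.51.100.7"),
          (20, "198.51.100.7"),    # 5th NEW within 60 s -> DROP
          (25, "192.0.2.10"),      # unrelated source, first attempt -> RETURN
          (40, "198.51.100.7"),    # still 5+ hits in the window -> DROP
          (130, "198.51.100.7")]   # old hits aged out -> RETURN (accepted again)

if __name__ == "__main__":
    for (t, src), verdict in zip(SAMPLE, run(SAMPLE)):
        print(f"t={t:4d}s {src:14s} -> {verdict}")
```

Because every NEW packet hits `--set` before the check, a source that keeps retrying at five or more attempts per minute stays dropped indefinitely, while one that backs off for a full window is accepted again; the model does not explain a port that stays closed for all sources.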
