iptables in linux

Tim ignored_mailbox at yahoo.com.au
Wed Nov 23 13:08:52 UTC 2011

On Tue, 2011-11-22 at 23:52 -0500, jdow wrote:
> ===8<---
> $IPTABLES -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
> $IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
>    --rcheck --seconds 180 --hitcount 2 -j LOG --log-prefix 'SSH REJECT: ' \
>    --log-level info
> $IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
>    --rcheck --seconds 180 --hitcount 2 -j REJECT --reject-with tcp-reset
> ===8<---
> This means a given address gets one chance every 3 minutes to login.
> Even "fubar" is a (relatively) secure password when there is riper
> fruit for picking when the creep has to wait 3 minutes between trials.
> It can be a pain if I mistype my password. It's a tradeoff in that
> regard.

If more things gave us the choice to see our passwords as we typed them
in, there'd be far less login problems.  Sure, it's useful to hide them
if you're using a computer surrounded by people.  But it's pointless
when you're home alone, and highly unlikely to be under tempest

[tim at localhost ~]$ uname -r

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.

More information about the users mailing list