Tiny Core Extensions > TCE Q&A Forum
iptables
Looper:
I use these rules, but I don't know how to accept this match after 1 minute... These rules, if they match, deny forever. I need denying for 2 minutes. How can I do that?
--- Code: ---iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,ACK SYN --dport 6050 -m state --state NEW -m recent --set
iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,ACK SYN --dport 6050 -m state --state NEW -m recent --update --seconds 20 --hitcount 3 -j DROP
--- End code ---
[EDIT]: Added code tags. Rich
Rich:
Hi Looper
You really should use code tags when displaying commands, config files, etc. Code tags preserve formatting and serve as a separator between your question and supplied data.
rdebath:
--- Code: ----A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j REJECT
--- End code ---
These rules, which seem to be just like yours, do NOT deny forever. BUT the "--update" means that if you keep hitting the rule, the next time to let you in will keep getting extended. It will block you as long as you keep prodding.
If you want to give them another chance even if they keep being bad you need an "--rcheck" rule before these two rules, I guess like this:
--- Code: ----I INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 4 -j REJECT
--- End code ---
Note: REJECTS are usually better at making "script kiddies" go away and bother someone else.
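To make the difference between the two orderings concrete, here is an added Python model of the iptables "recent" match. It is not code from this thread or from the netfilter project; it follows the documented semantics of --set, --rcheck, --update, --seconds and --hitcount (a successful --update adds a new timestamp, --rcheck never does, --set always does) and assumes the module's default cap of 20 timestamps per address. The source address, the probe timing and the ACCEPT chain policy are constructed for the example, and port, interface and conntrack state are assumed to match for every packet so only the "recent" part of each rule is modelled.

```python
"""Model of the iptables 'recent' match (xt_recent) used to compare the
--set/--update ruleset with the same ruleset after an --rcheck rule is
inserted in front of it.

Constructed example, not code from the thread or from netfilter.  Only the
'recent' part of each rule is modelled; port, interface and state matches
are assumed to succeed for every packet.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

MAX_STAMPS = 20  # assumption: xt_recent default ip_pkt_list_tot


@dataclass
class RecentRule:
    action: str        # "set", "rcheck" or "update"
    seconds: int = 0   # --seconds (0 = no time window)
    hitcount: int = 0  # --hitcount (0 = any remembered hit matches)
    target: str = ""   # "REJECT"/"DROP", or "" for a match-only rule


class RecentTable:
    """One 'recent' list: source address -> ring of hit timestamps."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=MAX_STAMPS))

    def match(self, rule, src, now):
        """True if the rule matches this packet; the list is updated the
        way xt_recent does it: on --set, and on --update only when it matched."""
        entry = self.stamps[src]
        if rule.action == "set":
            entry.append(now)
            return True
        if not entry:
            return False
        window = now - rule.seconds
        hits = sum(1 for t in entry if not rule.seconds or t >= window)
        matched = hits >= max(rule.hitcount, 1)
        if matched and rule.action == "update":
            entry.append(now)
        return matched


def run_chain(rules, attempts):
    """Walk every (time, src) attempt through the chain; return [(time, verdict)].
    Packets that reach the end of the chain are assumed to be ACCEPTed."""
    table = RecentTable()
    verdicts = []
    for now, src in attempts:
        verdict = "ACCEPT"
        for rule in rules:
            if table.match(rule, src, now) and rule.target:
                verdict = rule.target  # terminating target: stop walking
                break
        verdicts.append((now, verdict))
    return verdicts


# Looper's ordering: --set, then --update --seconds 60 --hitcount 4 -j REJECT
ORIGINAL = [
    RecentRule("set"),
    RecentRule("update", seconds=60, hitcount=4, target="REJECT"),
]
# rdebath's suggestion: an --rcheck rule inserted in front of the same two rules
WITH_RCHECK = [RecentRule("rcheck", seconds=60, hitcount=4, target="REJECT")] + ORIGINAL


def prober(first_burst=(0, 1, 2, 3), every=10, until=180, src="198.51.100.7"):
    """Constructed traffic: four SYNs in four seconds, then one retry every 10 s."""
    times = list(first_burst) + list(range(first_burst[-1] + every, until + 1, every))
    return [(t, src) for t in times]


def first_accept_after_block(rules):
    """Time of the first ACCEPT that follows the first REJECT, or None if never."""
    blocked = False
    for t, v in run_chain(rules, prober()):
        if v == "REJECT":
            blocked = True
        elif blocked:
            return t
    return None


if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("with --rcheck", WITH_RCHECK)):
        print(name, run_chain(rules, prober()))
        print(name, "let back in at:", first_accept_after_block(rules))
```

With the original ordering every retry reaches the --set rule (and the matching --update rule) before it is rejected, so the prober adds fresh timestamps on each prod and is never let back in while it keeps trying. With --rcheck inserted first, rejected packets never reach --set, the old timestamps age out of the 60-second window, and the same prober gets in again at t=63 before being throttled once more.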