[CentOS] Re: IPTables Blocking Brute Forcers
sebastien.tremblay at au.cmpmedica.com
Tue Nov 21 21:31:49 UTC 2006
On 07:09, Fri 17 Nov 06, Sudev Barar wrote:
> >You can use IPTables to limit the rate of connections. I allow only
> >connections from a given IP address within each 3 minute period.
> >I know this is sloppy and lazy but can you post your iptables line
> >that does this?
> # Don't have a limit on my_trusted_domain
> iptables -A INPUT -p tcp -s my_trusted_domain.org --dport 22 -j ACCEPT
Just a little note, I believe domain names (like my_trusted_domain.org,
or domain.com) should not be used in the iptables config. You should
stick to IP addresses only.
This is because at boot time, the iptables module is loaded in the
kernel before DNS-related modules, which could have a significant impact
(say you allow everything from yourself from outside the box using a
domain... well you risk a lockout as it won't resolve..! ;)
Hope this helps!
This message and any attachments are confidential and are solely intended for the use of the addressee(s). If you are not the intended recipient please contact the sender by reply email. Please also disregard the contents of this email and delete and destroy any copies immediately. CMPMedica Australia Pty Ltd does not accept liability for the views expressed in this email or for the consequences of any computer viruses that may be transmitted with this email. Also subject to copyright, no part of this message should be reproduced or transmitted without written consent.
More information about the CentOS