[lug] iptables help

Orion Poplawski orion at cora.nwra.com
Tue Feb 15 16:32:01 MST 2011


On 02/15/2011 04:19 PM, Paul Nowosielski wrote:
> Dear All,
>
> I really don't want to remove the logic to drop an IP after 3 login attempts
> because it works so well.
> Does anyone see a simple solution to my problem?

The trouble with your config is that it doesn't distinguish between successful 
and unsuccessful connections.

The system I use is a bit complicated, but has been working okay for the most 
part.

- Forward all authpriv messages on all machines to a central server
- Use swatch to monitor that log
- swatch adds rules to the firewall when it detects N failures within S seconds
- I also just recently added monitoring /var/log/maillog for relay attempts 
and blocking those too.


-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA/CoRA Division                    FAX: 303-415-9702
3380 Mitchell Lane                  orion at cora.nwra.com
Boulder, CO 80301              http://www.cora.nwra.com
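
The approach above (count only failed logins, N failures within S seconds, then
add a firewall rule) in working form, as an added example written for this page
rather than Orion's actual swatch configuration. It assumes OpenSSH-style
"Failed password" / "Accepted ..." authpriv lines, a fixed year for the
year-less syslog timestamps, and constructed sample log lines; the point it adds
to the post is that a successful login resets the counter, so a legitimate user
who mistypes a password is not treated like a scanner.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authpriv lines (not taken from the original post).
SAMPLE_LOG = """\
Feb 15 16:10:01 host1 sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2
Feb 15 16:10:03 host1 sshd[1002]: Failed password for root from 203.0.113.5 port 4002 ssh2
Feb 15 16:10:05 host2 sshd[2001]: Failed password for root from 203.0.113.5 port 4003 ssh2
Feb 15 16:11:00 host1 sshd[1003]: Accepted publickey for orion from 198.51.100.7 port 5001 ssh2
Feb 15 16:11:02 host1 sshd[1004]: Failed password for orion from 198.51.100.7 port 5002 ssh2
Feb 15 16:12:00 host2 sshd[2002]: Failed password for root from 192.0.2.9 port 6001 ssh2
Feb 15 16:20:00 host2 sshd[2003]: Failed password for root from 192.0.2.9 port 6002 ssh2
Feb 15 16:30:00 host2 sshd[2004]: Failed password for root from 192.0.2.9 port 6003 ssh2
"""

# Assumption: syslog timestamps carry no year, so one is supplied here.
SYSLOG_YEAR = 2011

# OpenSSH authpriv message shapes (assumed; adjust for other daemons).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+)"
)
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Accepted (?:password|publickey) for \S+ from (?P<ip>[\d.]+)"
)


def parse_ts(ts):
    return datetime.strptime(f"{SYSLOG_YEAR} {ts}", "%Y %b %d %H:%M:%S")


def find_offenders(lines, max_failures, window_seconds):
    """Return [(ip, datetime)] for every source IP that reaches
    max_failures failed logins inside a sliding window of window_seconds.
    Only failures are counted; a successful login from an IP clears its
    pending failures, which is the distinction the original config lacked."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = {}                  # ip -> time the threshold was crossed
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ip, when = m.group("ip"), parse_ts(m.group("ts"))
            if ip in blocked:
                continue          # already decided; nothing more to count
            q = recent[ip]
            q.append(when)
            # Drop failures that fell out of the S-second window.
            while q and when - q[0] > window:
                q.popleft()
            if len(q) >= max_failures:
                blocked[ip] = when
                q.clear()
            continue
        m = ACCEPTED_RE.match(line)
        if m:
            recent.pop(m.group("ip"), None)   # success resets the counter
    return sorted(blocked.items(), key=lambda kv: kv[1])


def block_rules(offenders):
    """Render the iptables command swatch would run for each offender."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip, _ in offenders]


if __name__ == "__main__":
    for rule in block_rules(find_offenders(SAMPLE_LOG.splitlines(), 3, 60)):
        print(rule)
```

With N=3 and S=60 only 203.0.113.5 is blocked: 198.51.100.7 logged in
successfully before its one failure, and 192.0.2.9 spreads its three failures
over eighteen minutes, so it only trips the rule if S is widened to an hour.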


