[lug] iptables help
Orion Poplawski
orion at cora.nwra.com
Tue Feb 15 16:32:01 MST 2011
On 02/15/2011 04:19 PM, Paul Nowosielski wrote:
> Dear All,
>
> I really don't want to remove the logic to drop an IP after 3 login attempts
> because it works so well.
> Does anyone see a simple solution to my problem?
The trouble with your config is that it doesn't distinguish between successful
and unsuccessful connections.
The system I use is a bit complicated, but has been working okay for the most
part.
- Forward all authpriv messages on all machines to a central server
- Use swatch to monitor that log
- swatch adds rules to the firewall when it detects N failures within S seconds
- I also just recently added monitoring /var/log/maillog for relay attempts
and blocking those too.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion at cora.nwra.com
Boulder, CO 80301 http://www.cora.nwra.com
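The "N failures within S seconds" logic described in the reply, as an added example that is not from the thread and not swatch's own configuration: a Python stand-in for the swatch action that counts only failed sshd logins per source IP over constructed authpriv lines, so successful connections never contribute to a block, and returns the iptables rule text that would be added. The sshd log format, the year, and the 3-in-60-seconds threshold are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# OpenSSH "Failed password" lines as forwarded to the central authpriv log.
# "Accepted ..." lines do not match, so successful logins are never counted.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+)"
)

def parse_ts(line, year=2011):
    # syslog timestamps carry no year; one is supplied for the example.
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def offenders(lines, n=3, s=60):
    """Return IPs with at least n failed logins inside any s-second window."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    blocked = []
    for line in lines:
        m = FAILED_RE.search(line)
        if not m:
            continue  # accepted logins and unrelated noise are ignored
        ip, ts = m.group(1), parse_ts(line)
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > s:  # drop failures older than the window
            q.popleft()
        if len(q) >= n and ip not in blocked:
            blocked.append(ip)
    return blocked

def block_rule(ip):
    # The rule the swatch action would run; returned as text, not executed here.
    return f"iptables -I INPUT -s {ip} -j DROP"

SAMPLE_LOG = [  # constructed sample lines, not from a real host
    "Feb 15 16:00:01 host sshd[100]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2",
    "Feb 15 16:00:03 host sshd[101]: Accepted publickey for paul from 198.51.100.7 port 5000 ssh2",
    "Feb 15 16:00:10 host sshd[102]: Failed password for root from 203.0.113.5 port 4002 ssh2",
    "Feb 15 16:00:20 host sshd[103]: Failed password for paul from 198.51.100.7 port 5001 ssh2",
    "Feb 15 16:00:30 host sshd[104]: Failed password for root from 203.0.113.5 port 4003 ssh2",
    "Feb 15 16:05:00 host sshd[105]: Failed password for paul from 198.51.100.7 port 5002 ssh2",
    "Feb 15 16:10:00 host sshd[106]: Failed password for paul from 198.51.100.7 port 5003 ssh2",
]

if __name__ == "__main__":
    for ip in offenders(SAMPLE_LOG):
        print(block_rule(ip))
```

Only 203.0.113.5 is blocked: the three failures from 198.51.100.7 are spread over ten minutes, so a user who mistypes a password occasionally is not cut off.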