similar to: IPTABLES --hitcount maximum value

Hello, up to CentOS 5.3 it was possible, to control new ip connections by "recent", "seconds" and "hitcount" -A INPUT -m state --state NEW -m recent --set -p tcp --dport 80 -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 80 -j LOG --log-prefix "FW DROP IP Flood: " -A INPUT -p tcp -m tcp --dport 80 -m state

Hello, all. I read this document about iptables recent module. http://blog.andrew.net.au/2005/02/16#ipt_recent_and_ssh_attacks and I would like to filter the excessive spam mail sending ip address by iptables recent module. and some questions. iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set --name SPAM iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=469 Summary: recent match doesn't triger with --hitcount > 20 Product: netfilter/iptables Version: linux-2.6.x Platform: i386 OS/Version: other Status: NEW Severity: normal Priority: P2 Component: ip_tables (kernel) AssignedTo:

Hello, I have well performing iptables in centos 5.2 and 5.3 : -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 25 -j LOG --log-prefix "FW DROP IP Flood: " Centos 5.5, updated today: Without -hitcount : iptables accept the line Including -hitcount : iptables brings an error message: Applying iptables firewall rules: iptables-restore:

Hi! I need to delay failed ssh password authentication as an additional measure against brute force ssh attacks. I understand, that shoud be accomplished through pam, but googling gave me no example. I have CentOS 5.2. -- Veiko Kukk

I added these rules to IPTABLES to slow brute force attacks. iptables -A INPUT -p tcp --dport 22 -s my_subnet/24 -j ACCEPT iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 --rttl --name SSH -j DROP I would like log entries when connections are dropped to see

This was sent to me regarding the wiki. ---------- Forwarded message ---------- From: "Martin Kon??ek" <mkonicek12 at gmail.com> Date: Mar 7, 2013 4:44 AM Subject: mistake on Securing SSH To: <timothy.ty.lee at gmail.com> Cc: Hi TImothy, I saw wiki http://wiki.centos.org/HowTos/Network/SecuringSSH and it is pretty good, but there is a mistake. *Instead of having* iptables

Hi, Ive built a new server using xen debian lenny packages. Im trying to firewall dom 0 which i can do ok but it then blocks access to the dom Us. Has anyone managed to do this successfully? Thanks Ian _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users

Hi, to prevent scripted dictionary attacks to sshd I applied those iptables rules: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource And this is part of logwatch: sshd: Authentication Failures: unknown

Hi, I have a data set with two continous variables that I want to plot MEANS (I am not intrerested in median values) on a double-y graph. I also have 2 factors. I want the factor combinations plotted in different panes. Dummy dataset: mydata <- data.frame(factor1 = factor(rep(LETTERS[1:3], each = 40)), factor2 = factor(rep(c(1:4), each = 10)), y1 =

Hi everyone (again), before you all start screaming that the reordering of factors has been discusse on several threads and is not particular to ggplot2, hear me out. I can easily reorder my x-axis factor in facet.grid() in ggplot2. What I cannot reorder are the factors represented on the strips. I can see that the graphs are changing, so I am afraid of what it is I am doing. Why is ggplot2

Hi, I have had some troubles using doubleYScale. No matter what I try, I cant manage to change the color of the y-axis in the end. I have to produce a black and white plot. There is also something I do not understand regarding fontfamilyj="serif" when using it in: strip=strip.custom() Maybe someone has a better idea for defining which line and dots belong to which y-axis when not using

Dear all, I have set up one unprivileged Domain-1 with help of FedoraQuickStart and some help from you. Now I want to install some other OS to Domain-2. How can I install a different OS (say Redhat 7.3) onto a unprivileged domain? Do I have to copy all files from an existed installation to an image file? Thanks, Koala _______________________________________________ Xen-users mailing list

Alright, I have setup the new rules and am waiting to see if I have any issues. If I do, I will keep working on it. I also read the article below, which mentions exactly what you I was told about 2008 and newer using different ports. https://support.microsoft.com/en-us/kb/929851 Here is the new configuration: root at dc01:~# iptables -S -P INPUT DROP -P FORWARD DROP -P OUTPUT ACCEPT -A INPUT -m

Hi, # For publications, I am not allowed to repeat the axes. I have tried to remove the axes using: # yaxt="n", but it did not work. I have not understood how to do this in ggplot2. Can you help me? # I also do not want loads of space between the graphs (see below script with Dummy Data). # If I could make it look like the examples on the (nice) examples page: #

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=469 netfilter@linuxace.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |netfilter@linuxace.com Status|NEW |RESOLVED Resolution|

Hi, i have a problem with xen. the output of uname is:Linux xen 2.6.12-gentoo-r6 #9 SMP Mon Jan 23 18:13:25 CET 2006 i686 AMD Opteron(tm) Processor 844 AuthenticAMD GNU/Linux i user the SAME config of the kernel, for xen0 domain, and when i boot with xen0 kernel it reboots after this output... . . . ipt_recent v0.3.1: Stephen Frost <sfrost@snowman.net>.

Hi, Dummy data script and scripts are attached below. I would like to change the plot to look like this:

Hello, I would like permission to contribute information to the wiki... Username: CaseyDoyle To append an additional method for ssh blocking with firewallD: Page: https://wiki.centos.org/HowTos/Network/SecuringSSH#head-3579222198adaf43a3ecbdc438ebce74da40d8ec Suggest to add the following info to it pertinent section: ------ 6. Filter SSH at the Firewall complementary to iptables method,

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I recently tried adding a firewall to my Samba 4 server using the port information I found on the wiki. Below is a dump of the resulting rules. root at dc01:~# iptables -S - -P INPUT DROP - -P FORWARD DROP - -P OUTPUT ACCEPT - -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT - -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m