I suspect what you're really after is a solution like fail2ban. Check out http://www.fail2ban.org/wiki/index.php/Main_Page otherwise there will be a guide to setting this up easily somewhere on the web. If you still need help with iptables after having a look at f2b post back. Regards, Edward On Tue, Nov 1, 2011 at 5:03 PM, Roger <arelem3@bigpond.com> wrote:
Need help understanding iptables.
tcp dpt:ssh state NEW recent: SET name: SSH side: source tcp dpt:ssh state NEW recent: UPDATE seconds: 90 hit_count: 4 TTL-Match name: SSH side: source should reduce brute force attack to 4 hits in 90 seconds but last -d reports hundreds of hits per ip all within a second, it then changes ip and starts again.
I've not played with iptables until a week ago. I've read up on the ubuntu, centos and fedora iptables info but still the problem. Can someone please point me in a direction to stop attacks from ip addresses after a couple of attempts. Many thanks Roger
_______________________________________________ luv-main mailing list luv-main@lists.luv.asn.au http://lists.luv.asn.au/listinfo/luv-main