Server is back up
Derek Atkins
warlord at MIT.EDU
Sun Jan 15 20:10:49 EST 2006
Quoting Chris Shoemaker <c.shoemaker at cox.net>:
> I didn't know about ipt recent. I've been using:
> -A RH-Firewall-1-INPUT -i eth0 -p tcp -m tcp --dport 22 -m conntrack
> --ctstate NEW -m recent --set --name sshscans
> -A RH-Firewall-1-INPUT -m recent --rcheck --seconds 60 --hitcount 5
> --name sshscans -j LOG --log-prefix "SSH attack: "
> -A RH-Firewall-1-INPUT -m recent --rcheck --seconds 60 --hitcount 5
> --name sshscans -j DROP
Umm, you're using ipt_recent -- -m recent.. It's broken. I'm surprised
that this works for you. For me it doesn't.
> But I can't say I'm totally satisfied with it. It seems to interact
> poorly with X11 forwarding.
That's one way it's poor. I've also noticed that it sometimes blocks
ALL ssh inputs. I haven't figured out how or why, yet.
> I've done some searching for a better solution but nothing jumped out.
> If you find something that works well, I'd be interested in trying it
> out here if you'd share the rules.
I've not found anything better, yet, either. It was working great in
FC1 on the 2.4 kernel, but ALL my 2.6 kernels have trouble using this.
There was a bug about this in FC and supposedly this is fixed in 2.6.15:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=164076
> I'm also waiting for an FC4-blessed 2.6.15-1, because it has a vgacon
> double-scan fix that's been biting me since 2.6.14.
There's a test kernel available... But I don't want to install a test
RPM on the "production" server.
>> I honestly have no idea if that's controllable or how. I'm willing to
>> make the change if you tell me what I need to change. Did you try selecting
>> the side-by-side mode in the changeset viewer? There's also the
>> "unified diff" link at the bottom of the changeset.
>
> Oh, I didn't see those. That's good enough for me.
Ahh, good. Less work for me. :)
> -chris
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
More information about the gnucash-devel
mailing list