Subj : neat stuff....
To : Benny Pedersen
From : Janis Kracht
Date : Fri Feb 19 2016 01:25 pm

Hi Benny,

>> sudo iptables -I INPUT -p tcp --dport 23 -i eth0 -m state --state NEW
>> -m recent --set

> imho invalid

That's the first step. That step must be followed by #2 below. How do you think Shorewall works? It sets the same type commands as these two with Python scripts.

>> sudo iptables -I INPUT -p tcp --dport 23 -i eth0 -m state --state NEW
>> -m recent --update --seconds 30 --hitcount 2 -j DROP

>> All of a sudden idiots cannot connect here after 30 seconds

> indeed, just remember i say i would like to help you with shorewall ?

Not needed, and not wanted here. I can control it all by setting the dport, and seconds after their initial connect. Most people don't understand iptables. It's not hard to work with when you understand it.

Here is what I'm using now, works great:

Step 1:
sudo iptables -I INPUT -p tcp --dport 23 -i eth0 -m state --state NEW -m recent --set

Step 2:
sudo iptables -I INPUT -p tcp --dport 23 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

I use the same commands for port 8080 btw.

These commands will flush your iptables firewall, and remove all currently active rules when you want to change the settings.

iptables -F
iptables -X

Take care,
Janis

--- BBBS/Li6 v4.10 Dada-2
 * Origin: Prism bbs (1:261/38)
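
Added example (not part of the original message): a simplified Python model of how the Step 1 / Step 2 pair treats NEW connections from one source, so the effect of --seconds and --hitcount can be checked before touching a live firewall. The names RecentList, verdict and replay are hypothetical, the source address is constructed, and the 20-timestamp limit is assumed to be the xt_recent default.

```python
# Added example: simplified model of the two `recent` rules from the message.
from collections import deque

PKT_LIST_TOT = 20  # assumption: xt_recent default number of timestamps kept per source


class RecentList:
    """Per-source timestamp list, as kept by `-m recent` for one list name."""

    def __init__(self):
        self.stamps = {}

    def set(self, src, now):
        # --set: record this packet's time for src; the match always succeeds.
        self.stamps.setdefault(src, deque(maxlen=PKT_LIST_TOT)).append(now)
        return True

    def update(self, src, now, seconds, hitcount):
        # --update --seconds S --hitcount N: succeed only if src already has
        # at least N timestamps in the last S seconds. On success the new
        # packet is recorded too, so a source that keeps retrying stays listed.
        seen = self.stamps.get(src)
        if seen is None:
            return False
        hits = sum(1 for t in seen if now - t <= seconds)
        if hits < hitcount:
            return False
        seen.append(now)
        return True


def verdict(lst, src, now, seconds=60, hitcount=4):
    # Both rules were added with -I, so Step 2 ends up above Step 1 in INPUT:
    # the --update/DROP rule is evaluated first, then the --set rule.
    if lst.update(src, now, seconds, hitcount):
        return "DROP"
    lst.set(src, now)  # no -j target: only records, packet goes on to later rules
    return "CONTINUE"


def replay(times, src="198.51.100.7", **kw):
    """Feed NEW-connection times (seconds) from one source through the rules."""
    lst = RecentList()
    return [verdict(lst, src, t, **kw) for t in times]


if __name__ == "__main__":
    print(replay(range(0, 70, 10)))          # one NEW connection every 10 s
    print(replay(range(0, 200, 25)))         # one every 25 s
    print(replay([0, 10, 20, 30, 40, 130]))  # burst, then quiet for 90 s
```

In this model the first four connections inside the window pass and the fifth is dropped; a source that keeps retrying stays dropped, and one that stays quiet for longer than --seconds is admitted again.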