[NBLUG/talk] Doing it without the daemon... (was Re: SSHD on a different port

Scott Doty scott at corp.sonic.net
Fri Sep 12 14:32:36 PDT 2008


> http://denyhosts.sourceforge.net/ and http://opensource.sfsu.edu/node/122
>
> cheers,
> Sameer
>   

I ran across this one on the net today:

   iptables -A INPUT -i eth0 -p tcp --dport 2280 -m state --state NEW -m recent --update --seconds 200 --hitcount 2 --rttl --name SSH -j DROP

("if two new connections on port 2280 come from the same host in 200 seconds, drop traffic to that host")

Season to taste -- show your mom! :)

 -Scott
p.s. or Dilbert's mom, if you prefer...
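
Added example, not part of the original message: a `recent --update` rule only matches addresses already in the named list, so it is normally paired with a `--set` rule that records each new connection. The sketch below prints that pair and runs a simplified model of it over a constructed connection log. The `--set` rule, the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the post). Port 2280, eth0 and list name SSH are from
# the quoted rule; the --set companion rule is an assumption about how it is used.

# Print the rule pair. Printed, not applied: review, then run as root.
ssh_rules() {
cat <<'EOF'
iptables -A INPUT -i eth0 -p tcp --dport 2280 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -i eth0 -p tcp --dport 2280 -m state --state NEW -m recent --update --seconds 200 --hitcount 2 --rttl --name SSH -j DROP
EOF
}

# Simplified model of that pair (ignores --rttl and the per-address stamp limit).
# stdin: "<time-in-seconds> <source-ip>" per NEW packet; $1 = --seconds, $2 = --hitcount.
simulate() {
  awk -v win="$1" -v hc="$2" '{
    t = $1; ip = $2
    n[ip]++; stamp[ip, n[ip]] = t              # --set records every NEW packet
    hits = 0
    for (i = 1; i <= n[ip]; i++)               # --update counts stamps in the window
      if (t - stamp[ip, i] <= win) hits++
    if (hits >= hc) {
      n[ip]++; stamp[ip, n[ip]] = t            # a matching --update refreshes "last seen"
      print t, ip, "DROP"
    } else
      print t, ip, "ACCEPT"
  }'
}

# Constructed sample: one client retrying, one unrelated client.
sample_log() {
cat <<'EOF'
0 203.0.113.5
50 203.0.113.5
60 198.51.100.7
200 203.0.113.5
350 203.0.113.5
600 203.0.113.5
EOF
}

sample_log | simulate 200 2
```

In the model the retries at 200 and 350 are still dropped, because every packet, dropped or not, is recorded and keeps the window open. The client is accepted again only after staying quiet for more than 200 seconds, which is worth knowing before picking `--seconds` and `--hitcount` for a port that legitimate users also reconnect to.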




