From: Stephen Frost <sfrost@snowman.net>
To: Adam De Paolis <adepaolis@rogers.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: ftp hammer rule help
Date: Mon, 30 Sep 2002 23:16:22 -0400
Message-ID: <20021001031622.GG8948@ns>
In-Reply-To: <007201c268f5$abec1fd0$6501a8c0@adm2hsmw3cesp7>
* Adam De Paolis (adepaolis@rogers.com) wrote:
> I am trying to create a rule which will prevent users from hammering my ftp site when it's busy. A rule which say will drop userlogin if there are 3 attempts in 1 minute.
>
> I believe the match recent rule is what I need to get working but I don't have it working. This is what I have so far (thanks to Stephen Frost), but it doesn't seem to work.
>
> The firewall machine is my ftp server, both are on the same computer:
>
> iptables -A FORWARD -m recent --name ftpconn --rcheck --seconds 60 --hitcount 3 -j DROP
> iptables -A FORWARD -p tcp -d aa.bb.cc.dd/32 --dport 21 -m recent --name ftpconn --set -j DROP
Can you say what does happen? Also, cat /proc/net/ipt_recent/ftpconn
and see what's there. It also looks like maybe you have it set up
incorrectly in the second rule; you want to ACCEPT there until they
reach the limit which is in the first rule, and then they'll be dropped
there.
Stephen
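
The behaviour discussed in this message, as an added example that is not part of the original e-mail or of netfilter: a simplified Python model of the `recent` match, run over a constructed sequence of packets from one source, comparing the second rule with `-j DROP` and with `-j ACCEPT`. The class and function names and the sample address are assumptions, and each arrival stands for one packet that reaches the two rules.

```python
# Simplified model of the iptables `recent` match (illustrative names, not netfilter code).

class RecentList:
    """One named list (here: ftpconn), mapping source address -> hit timestamps."""

    def __init__(self):
        self.hits = {}

    def set(self, src, now):
        # --set: record a hit for the source; this match always succeeds.
        self.hits.setdefault(src, []).append(now)
        return True

    def rcheck(self, src, now, seconds, hitcount):
        # --rcheck --seconds S --hitcount N: succeed when the source has at
        # least N recorded hits within the last S seconds. Records nothing.
        recent = [t for t in self.hits.get(src, []) if now - t < seconds]
        return len(recent) >= hitcount


def run(second_rule_target, arrivals, seconds=60, hitcount=3):
    """Return the verdict for each (src, time) packet sent to port 21."""
    lst = RecentList()
    verdicts = []
    for src, now in arrivals:
        # Rule 1: -m recent --name ftpconn --rcheck --seconds 60 --hitcount 3 -j DROP
        if lst.rcheck(src, now, seconds, hitcount):
            verdicts.append("DROP")
            continue
        # Rule 2: --dport 21 -m recent --name ftpconn --set -j <second_rule_target>
        lst.set(src, now)
        verdicts.append(second_rule_target)
    return verdicts


# Constructed sample: one source (documentation address), arrival times in seconds.
ARRIVALS = [("192.0.2.10", t) for t in (0, 5, 10, 15, 20, 71, 76)]

if __name__ == "__main__":
    for target in ("DROP", "ACCEPT"):
        print(f"second rule -j {target}:", run(target, ARRIVALS))
```

With `-j DROP` on the second rule every packet is dropped, including the first; with `-j ACCEPT` the first three within the window pass, later ones are dropped by the first rule, and the source is let through again once its recorded hits are older than 60 seconds.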