Hello gurus,
I'm playing around with the SSH throttling examples from
debian-administration.org. I'm still a bit new to iptables, and I'm
trying to understand how this works.
I have the following two commands:

    iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
        --set
    iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
        --update --seconds 60 --hitcount 4 -j DROP

Which tells the kernel to allow 3 new ssh connections from a single
remote host, and after that the remote host is blocked by dropping the
packets. My question is, for how long is the remote host blocked?
Another 60 seconds?
Or to put it another way, how does iptables know how long to remember a
recent connection? And can I change that?
Michael
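
The timing behaviour asked about above can be explored with a small simulation. This is an added example, not part of the original post and not kernel code: a simplified Python model of the `recent` match as the iptables man page documents it, comparing the posted `--update` rule with an `--rcheck` variant. The source address, the arrival times and the per-address stamp limit are constructed assumptions, and the model evaluates the DROP rule first because each `-I` inserts at the top of the chain.

```python
from collections import defaultdict, deque

SECONDS, HITCOUNT = 60, 4  # values from the two rules in the post
MAX_STAMPS = 20            # assumed per-address stamp limit (ip_pkt_list_tot)


class RecentList:
    """Simplified model of one `recent` list: source address -> timestamps."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=MAX_STAMPS))

    def hits(self, src, now):
        # Stamps that are still inside the --seconds window.
        return sum(1 for t in self.stamps[src] if now - t <= SECONDS)

    def record(self, src, now):
        # --set: remember this packet; the rule has no target, so the
        # packet continues down the chain.
        self.stamps[src].append(now)

    def check(self, src, now, refresh):
        # --rcheck (refresh=False) or --update (refresh=True), both with
        # --seconds and --hitcount: match when enough stamps are recent.
        matched = self.hits(src, now) >= HITCOUNT
        if matched and refresh:
            self.stamps[src].append(now)  # --update also stamps the dropped packet
        return matched


def simulate(arrivals, refresh, src="192.0.2.10"):
    """Verdict for each NEW packet from `src` arriving at the given seconds.

    Two `iptables -I` calls leave the DROP rule first and --set second.
    """
    recent, verdicts = RecentList(), []
    for now in arrivals:
        if recent.check(src, now, refresh):
            verdicts.append("DROP")
        else:
            recent.record(src, now)
            verdicts.append("PASS")
    return verdicts


# Constructed traffic: six attempts in a burst, then a retry every 10 s.
ARRIVALS = [0, 1, 2, 3, 4, 5] + list(range(15, 126, 10))

if __name__ == "__main__":
    for label, refresh in (("--update", True), ("--rcheck", False)):
        print(label, list(zip(ARRIVALS, simulate(ARRIVALS, refresh))))
```

In this model the `--update` rule keeps dropping for as long as the source retries often enough to hold four stamps inside the 60-second window, while the `--rcheck` variant lets the source back in once the stamps written by `--set` are older than 60 seconds.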