blocking brute force attempts using iptables

by "Stephen Vaughan" <stephenvaughan@[EMAIL PROTECTED] > Oct 17, 2008 at 09:20 AM


I have a ruleset which works for blocking brute force attempts on port 21,
but I'm not sure how to open port 21 without excluding the rules, i.e.:

# default
$IPTABLES -P INPUT DROP

# when this rule is enabled it doesn't go any further since it's a match,
# so how do I get it to allow the port to be open, but also run through the
# brute force tables?
$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT

$IPTABLES -N FTP2
$IPTABLES -N FTPBF
$IPTABLES -N FTPNEW
$IPTABLES -A FTP2 -p tcp -m tcp --dport 21 -m state --state NEW -j FTPNEW
$IPTABLES -A FTP2 -m recent --set --name FTPBLOCK --rsource
$IPTABLES -A FTP2 -j LOG --log-prefix "FTP BRUTE FORCE: " --log-level 6
$IPTABLES -A FTP2 -j DROP
$IPTABLES -A FTPBF -p tcp -m tcp --dport 21 -j DROP
$IPTABLES -A FTPNEW -m recent --rcheck --name FTPBLOCK --rsource -j FTPBF
$IPTABLES -A FTPNEW -m recent --set --name FTP --rsource
$IPTABLES -A FTPNEW -m recent --update --seconds 120 --hitcount 6 --name FTP --rsource -j FTP2


-- 
Best Regards,
Stephen
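
An added example, not part of the post above or of the list's replies: one way to order the rules so that port 21 is open while every NEW connection still passes the `recent` check first. It simplifies the post's chains (no separate FTPBLOCK list; the FTPDROP chain name is hypothetical), reuses the post's limits, and only prints the commands unless IPTABLES is set to the real binary.

```shell
#!/bin/sh
# Dry run by default: the commands are echoed, not applied.
# To apply as root: IPTABLES=/sbin/iptables sh thisfile.sh
IPTABLES="${IPTABLES:-echo iptables}"

# Limits taken from the post: 6 new connections within 120 seconds.
PORT=21 WINDOW=120 HITS=6

ftp_rules() {
    $IPTABLES -P INPUT DROP
    $IPTABLES -N FTPDROP
    $IPTABLES -N FTPNEW
    # Packets of connections that were already accepted skip the rate check.
    # RELATED covers FTP data connections when the conntrack FTP helper is loaded.
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # In place of a plain ACCEPT on the port: NEW connections go to FTPNEW.
    # A terminating ACCEPT here would end traversal before any check ran.
    $IPTABLES -A INPUT -p tcp --dport "$PORT" -m state --state NEW -j FTPNEW
    # LOG does not end traversal, so the DROP after it is still reached.
    $IPTABLES -A FTPDROP -j LOG --log-prefix "FTP BRUTE FORCE: " --log-level 6
    $IPTABLES -A FTPDROP -j DROP
    # Record this source address in the "FTP" list.
    $IPTABLES -A FTPNEW -m recent --set --name FTP --rsource
    # Matches once the source has HITS entries inside the window,
    # the entry just recorded included.
    $IPTABLES -A FTPNEW -m recent --update --seconds "$WINDOW" --hitcount "$HITS" --name FTP --rsource -j FTPDROP
    # Reached only when the limit was not hit: this is where the port is open.
    $IPTABLES -A FTPNEW -j ACCEPT
}

ftp_rules
```

The ACCEPT is the last rule of the chain that performs the check, so a connection is accepted only after the `recent` rules have seen it.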
