Portsentry and too many iptables rules?
Shawn Tayler
stayler at xmtservices.net
Sun Jul 13 19:08:14 PDT 2008
Hi Guys,
The large number of DROP rules stems from nearly a year of continuous uptime
and the lovely old Psionic Portsentry application creating drop rules on
every scan and bogus connection attack, although it does miss port 22 and 25,
I'd like to add something to catch ssh logins that fail after, say, 3 tries; any
suggestions would be appreciated.
I pulled the rules list and cleared the dups and I'm down to 46,000 and
change. I'll try and filter down to net segments to lower this further.
Suggested methods?
Shawn
On Sunday 13 July 2008 00:07:28 James McDonald wrote:
> Shawn Tayler wrote:
> > Hi Guys,
> >
> > I've been running portsentry v2.0b1 for many years, since before it was
> > closed up. I seem to remember someone spending some time with it,
> > correcting a few bugs etc. Is there a newer version out there? If not
> > are there any issues with it, and replacements you would recommend?
> >
> > Also, how many is too many iptables drop rules? I currently have
> > somewhere around 50,000 and growing, thanks in part to portsentry, is
> > there a better way to handle large blocked and drop rules quantities?
> >
> > Shawn
>
> Wow 50,000 what would cause you to have that many drop rules?
>
> Wouldn't setting the default policy to DROP be more effective? Or am I
> missing why you would have 50k of rules?
>
> iptables -P INPUT|OUTPUT|FORWARD DROP
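As an added example (not code from the thread, from Portsentry or from any of the posters) covering both of Shawn's questions: counting failed SSH logins per source from sshd syslog lines with a threshold of 3, and collapsing a long list of individually blocked hosts into network segments so the DROP list shrinks. The log lines and addresses are constructed, and the /24 prefix and the min_hosts=8 cutoff are assumed choices.

```python
import ipaddress
import re
from collections import Counter
# OpenSSH auth-failure lines as they appear in syslog (sample data below is constructed).
FAILED_RE = re.compile(r"Failed (?:password|publickey) for (?:invalid user )?\S+ from (\S+)")
SAMPLE_LOG = [
    "Jul 13 18:01:02 gw sshd[2011]: Failed password for root from 203.0.113.5 port 4121 ssh2",
    "Jul 13 18:01:05 gw sshd[2011]: Failed password for root from 203.0.113.5 port 4122 ssh2",
    "Jul 13 18:01:09 gw sshd[2011]: Failed password for invalid user admin from 203.0.113.5 port 4123 ssh2",
    "Jul 13 18:02:00 gw sshd[2015]: Failed password for shawn from 192.0.2.8 port 5001 ssh2",
    "Jul 13 18:02:30 gw sshd[2016]: Accepted password for shawn from 192.0.2.8 port 5002 ssh2",
]
# Constructed stand-in for a long per-host DROP list: ten hosts in one /24,
# two stragglers in another, and two adjacent hosts that can merge into a /31.
SAMPLE_BLOCKED = [f"198.51.100.{i}" for i in range(1, 11)] + [
    "203.0.113.5", "203.0.113.200", "192.0.2.8", "192.0.2.9"]

def failed_ssh_sources(log_lines, threshold=3):
    """Return source addresses with at least `threshold` failed SSH logins."""
    hits = Counter()
    for line in log_lines:
        m = FAILED_RE.search(line)
        if m:
            hits[m.group(1)] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def collapse_to_segments(addresses, prefixlen=24, min_hosts=8):
    """Collapse per-host blocks into `prefixlen` networks: a network is emitted whole
    when at least `min_hosts` of its hosts are blocked, other hosts stay as /32 entries,
    and adjacent entries are then merged by ipaddress.collapse_addresses."""
    by_net = {}
    for addr in addresses:
        host = ipaddress.ip_address(addr)
        net = ipaddress.ip_network(f"{host}/{prefixlen}", strict=False)
        by_net.setdefault(net, set()).add(host)
    entries = []
    for net, hosts in by_net.items():
        if len(hosts) >= min_hosts:
            entries.append(net)
        else:
            entries.extend(ipaddress.ip_network(str(h)) for h in hosts)
    return [str(n) for n in ipaddress.collapse_addresses(entries)]

def iptables_drop_rules(segments):
    """Render collapsed segments as iptables commands for the INPUT chain."""
    return [f"iptables -A INPUT -s {seg} -j DROP" for seg in segments]

if __name__ == "__main__":
    print("ssh offenders:", failed_ssh_sources(SAMPLE_LOG))
    for rule in iptables_drop_rules(collapse_to_segments(SAMPLE_BLOCKED)):
        print(rule)
```

Blocking a whole /24 also drops that segment's hosts that never touched you, so choose min_hosts to match how much collateral blocking you can accept.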