
#1 2008-10-24 13:56:10

Convergence
Member
Registered: 2005-07-02
Posts: 377

[solved] Can't figure out why iptables rules aren't enforced

My iptables rules are not enforced.  I recently reinstalled, and I'm re-using the same /etc/iptables/iptables.rules.  They used to work, I tested them, but they don't seem to work anymore.

Here are the contents of my /etc/iptables/iptables.rules:

# Generated by iptables-save v1.4.2 on Fri Oct 24 01:00:22 2008
*filter
:INPUT ACCEPT [576:46438]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [354:62221]
:SSH - [0:0]
:SSH_ABL - [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j SSH 
-A SSH -m recent --update --seconds 3600 --name SSH_ABL --rsource -j REJECT --reject-with icmp-port-unreachable 
-A SSH -m recent --rcheck --seconds 60 --hitcount 5 --name SSH --rsource -j SSH_ABL 
-A SSH -m recent --rcheck --seconds 2 --name SSH --rsource -j LOG --log-prefix "RATE: " 
-A SSH -m recent --update --seconds 2 --name SSH --rsource -j REJECT --reject-with icmp-port-unreachable 
-A SSH -m recent --remove --name SSH_ABL --rsource -j LOG --log-prefix "ABL: -SSH: " 
-A SSH -m recent --set --name SSH --rsource -j ACCEPT 
-A SSH_ABL -m recent --set --name SSH_ABL --rsource -j LOG --log-prefix "ABL: +SSH: " 
-A SSH_ABL -j REJECT --reject-with icmp-port-unreachable 
COMMIT
# Completed on Fri Oct 24 01:00:22 2008

All it's supposed to do is  limit SSH login attempts to 5 per hour (my router handles all the other ports).  Like I said, it worked great before. 

P.S.  I found these rules here:  http://www.itwire.com/content/view/13841/53/1/1/

Last edited by Convergence (2008-10-26 15:16:29)


It's a very deadly weapon to know what you're doing
---  William Murderface
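The rules above only make sense once you see how the `recent` match's `--set`, `--rcheck`, `--update` and `--remove` actions interact across the SSH and SSH_ABL lists. The following is an added model of that chain walk, written for this thread and not code from the original post or from the linked article: it replays new TCP/22 connection attempts from one source address through the six SSH rules and the two SSH_ABL rules, using plain seconds in place of kernel jiffies and a per-address cap of 20 stored hits (the `ip_pkt_list_tot` default of xt_recent). The source address `203.0.113.7` and the attempt timings are constructed.

```python
"""Model of the netfilter `recent` match as used by the SSH chain in the post.

Constructed example, not code from the thread. Timestamps are plain seconds
instead of kernel jiffies; the per-address stamp cap (20) mirrors the
ip_pkt_list_tot default of xt_recent.
"""
from collections import defaultdict, deque

STAMP_CAP = 20  # xt_recent keeps at most ip_pkt_list_tot (default 20) hits per address


class RecentList:
    """One --name list: address -> recent hit timestamps (oldest first)."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=STAMP_CAP))

    def _record(self, src, now):
        self.stamps[src].append(now)

    def set(self, src, now):
        # --set: add the address (or refresh it); always matches.
        self._record(src, now)
        return True

    def _matches(self, src, now, seconds, hitcount):
        if src not in self.stamps:
            return False
        hits = 0
        for stamp in self.stamps[src]:
            if seconds and stamp < now - seconds:
                continue  # older than the --seconds window
            hits += 1
            if not hitcount or hits >= hitcount:
                return True
        return False

    def rcheck(self, src, now, seconds=0, hitcount=0):
        # --rcheck: match without touching the entry.
        return self._matches(src, now, seconds, hitcount)

    def update(self, src, now, seconds=0, hitcount=0):
        # --update: like --rcheck, but a match also records a fresh hit,
        # which is why a banned host that keeps knocking extends its own ban.
        if self._matches(src, now, seconds, hitcount):
            self._record(src, now)
            return True
        return False

    def remove(self, src):
        # --remove: match if the address was listed, and drop it.
        return self.stamps.pop(src, None) is not None


class SshRateLimiter:
    """Walks the SSH / SSH_ABL chains from the post for one new TCP/22 connection."""

    def __init__(self):
        self.ssh = RecentList()
        self.ssh_abl = RecentList()
        self.log = []

    def new_connection(self, src, now):
        # -A SSH -m recent --update --seconds 3600 --name SSH_ABL -j REJECT
        if self.ssh_abl.update(src, now, seconds=3600):
            return "REJECT"
        # -A SSH -m recent --rcheck --seconds 60 --hitcount 5 --name SSH -j SSH_ABL
        if self.ssh.rcheck(src, now, seconds=60, hitcount=5):
            # Chain SSH_ABL: --set on SSH_ABL + LOG, then an unconditional REJECT
            self.ssh_abl.set(src, now)
            self.log.append(f"ABL: +SSH: {src}")
            return "REJECT"
        # -A SSH -m recent --rcheck --seconds 2 --name SSH -j LOG
        if self.ssh.rcheck(src, now, seconds=2):
            self.log.append(f"RATE: {src}")
        # -A SSH -m recent --update --seconds 2 --name SSH -j REJECT
        if self.ssh.update(src, now, seconds=2):
            return "REJECT"
        # -A SSH -m recent --remove --name SSH_ABL -j LOG
        if self.ssh_abl.remove(src):
            self.log.append(f"ABL: -SSH: {src}")
        # -A SSH -m recent --set --name SSH -j ACCEPT
        self.ssh.set(src, now)
        return "ACCEPT"


def run(times, src="203.0.113.7"):
    """Feed connection attempts at the given times (seconds) from one source.
    Returns (verdicts, log lines)."""
    limiter = SshRateLimiter()
    verdicts = [limiter.new_connection(src, t) for t in times]
    return verdicts, limiter.log


if __name__ == "__main__":
    times = [0, 10, 20, 30, 40, 50, 60, 3700]
    verdicts, log = run(times)
    for t, v in zip(times, verdicts):
        print(f"t={t:>5}s {v}")
    print("\n".join(log))
```

Replaying attempts every 10 seconds shows the behaviour the poster describes: the first five are accepted, the sixth inside the 60-second window lands the address in SSH_ABL for an hour, and a retry during the ban refreshes the ban timer because the first rule uses `--update` rather than `--rcheck`. Only after the address has been quiet for 3600 seconds does the `--remove` rule clear it and a new connection get through again. Two attempts one second apart exercise the separate 2-second rule instead, which logs `RATE:` and rejects without counting towards a ban on its own.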


#2 2008-10-25 11:59:27

fumbles
Member
Registered: 2006-12-22
Posts: 246

Re: [solved] Can't figure out why iptables rules aren't enforced

#iptables -L

have you put iptables in rc.conf ?


#3 2008-10-26 14:51:47

Convergence
Member
Registered: 2005-07-02
Posts: 377

Re: [solved] Can't figure out why iptables rules aren't enforced

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
SSH        tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain SSH (1 references)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            recent: UPDATE seconds: 3600 name: SSH_ABL side: source reject-with icmp-port-unreachable 
SSH_ABL    all  --  anywhere             anywhere            recent: CHECK seconds: 60 hit_count: 5 name: SSH side: source 
LOG        all  --  anywhere             anywhere            recent: CHECK seconds: 2 name: SSH side: source LOG level warning prefix `RATE: ' 
REJECT     all  --  anywhere             anywhere            recent: UPDATE seconds: 2 name: SSH side: source reject-with icmp-port-unreachable 
LOG        all  --  anywhere             anywhere            recent: REMOVE name: SSH_ABL side: source LOG level warning prefix `ABL: -SSH: ' 
ACCEPT     all  --  anywhere             anywhere            recent: SET name: SSH side: source 

Chain SSH_ABL (1 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere            recent: SET name: SSH_ABL side: source LOG level warning prefix `ABL: +SSH: ' 
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

DAEMONS=(syslog-ng iptables network netfs crond alsa kdm sshd ddclient)


It's a very deadly weapon to know what you're doing
---  William Murderface


#4 2008-10-26 15:15:59

Convergence
Member
Registered: 2005-07-02
Posts: 377

Re: [solved] Can't figure out why iptables rules aren't enforced

Umm, looking at my logs, it seems to be working.  Can't explain why my tests failed, but I've been attacked a couple of times since, and they only got five attempts to login.


It's a very deadly weapon to know what you're doing
---  William Murderface


#5 2008-10-27 00:07:12

fumbles
Member
Registered: 2006-12-22
Posts: 246

Re: [solved] Can't figure out why iptables rules aren't enforced

You should change the default policy to drop.
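The ruleset in the first post leaves INPUT, FORWARD and OUTPUT at `ACCEPT`, so anything the SSH chain does not reject is admitted by default. Below is an added example, written for this thread rather than taken from the post, that parses an `iptables-save` dump, reports which built-in chains still have a permissive policy, and emits a variant with INPUT and FORWARD set to `DROP`. The two accept rules it front-loads on INPUT (loopback, and `RELATED,ESTABLISHED` state) are an assumed minimum for a default-DROP policy and do not appear in the original rules; the embedded dump is the poster's filter table copied in so the script runs stand-alone.

```python
"""Lint an iptables-save dump for permissive built-in policies and emit a
default-DROP variant. Constructed example, not code from the thread; the
loopback and RELATED,ESTABLISHED accept rules it inserts are an assumed
minimum for a DROP policy and are not part of the original post."""
import re

BUILTIN = {"INPUT", "FORWARD", "OUTPUT"}

# The filter table from the first post, embedded so the example runs offline.
RULES_FROM_POST = """\
*filter
:INPUT ACCEPT [576:46438]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [354:62221]
:SSH - [0:0]
:SSH_ABL - [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j SSH
-A SSH -m recent --update --seconds 3600 --name SSH_ABL --rsource -j REJECT --reject-with icmp-port-unreachable
-A SSH -m recent --rcheck --seconds 60 --hitcount 5 --name SSH --rsource -j SSH_ABL
-A SSH -m recent --rcheck --seconds 2 --name SSH --rsource -j LOG --log-prefix "RATE: "
-A SSH -m recent --update --seconds 2 --name SSH --rsource -j REJECT --reject-with icmp-port-unreachable
-A SSH -m recent --remove --name SSH_ABL --rsource -j LOG --log-prefix "ABL: -SSH: "
-A SSH -m recent --set --name SSH --rsource -j ACCEPT
-A SSH_ABL -m recent --set --name SSH_ABL --rsource -j LOG --log-prefix "ABL: +SSH: "
-A SSH_ABL -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")
RULE_RE = re.compile(r"^-A\s+(\S+)\s+(.*)$")


def parse_table(text):
    """Return (policies, rules) for the first table in an iptables-save dump.
    policies: chain -> policy ('-' for user chains); rules: chain -> [rule spec]."""
    policies, rules = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("*"):
            continue
        if line == "COMMIT":
            break
        m = CHAIN_RE.match(line)
        if m:
            policies[m.group(1)] = m.group(2)
            rules.setdefault(m.group(1), [])
            continue
        m = RULE_RE.match(line)
        if m:
            rules.setdefault(m.group(1), []).append(m.group(2))
    return policies, rules


def permissive_chains(policies):
    """Built-in chains whose default policy lets unmatched traffic through."""
    return sorted(c for c, p in policies.items() if c in BUILTIN and p == "ACCEPT")


def harden(text, drop_chains=("INPUT", "FORWARD")):
    """Rewrite the dump so the given built-in chains default to DROP, and
    front-load INPUT with the accepts a DROP policy needs (assumed minimum).
    Counters are reset to [0:0]; running it twice yields the same output."""
    policies, rules = parse_table(text)
    input_rules = rules.get("INPUT", [])
    prelude = [
        "-i lo -j ACCEPT",
        "-m state --state RELATED,ESTABLISHED -j ACCEPT",
    ]
    rules["INPUT"] = [r for r in prelude if r not in input_rules] + input_rules
    out = ["*filter"]
    for chain, policy in policies.items():
        if chain in drop_chains:
            policy = "DROP"
        out.append(f":{chain} {policy} [0:0]")
    for chain in policies:  # keep the chain order of the original dump
        for spec in rules.get(chain, []):
            out.append(f"-A {chain} {spec}")
    out.append("COMMIT")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    pol, _ = parse_table(RULES_FROM_POST)
    print("built-in chains with ACCEPT policy:", permissive_chains(pol))
    print(harden(RULES_FROM_POST))
```

The `RELATED,ESTABLISHED` rule is not optional once INPUT defaults to DROP: the jump to the SSH chain only matches packets in state `NEW`, so without it the later packets of an SSH session the chain just accepted would fall through to the policy and be dropped. OUTPUT is left at `ACCEPT` here; tightening it is a separate decision from the one the thread is about.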

