[PLUG] TCP Wrappers and IPs
Paul Mullen
pem at nellump.ath.cx
Tue Feb 21 23:53:20 UTC 2006
On Tue, Feb 21, 2006 at 01:36:39PM -0800, Carla Schroder wrote:
>
> But aren't you the boss of the firewall, since you're creating these rules?
I am. I was referring to when I'm a client on someone else's network,
one with a firewall that blocks most outbound ports. In that sort of
situation, if my server doesn't listen on the usual SSH port, I'm
hosed.
> Anyway, your iptables hack is very excellent.
I wish I could take the credit for it. :-)
> It does not discriminate on the basis of source address. It simply
> rate-limits the number of new connections per minute from anywhere. So if
That doesn't seem to be the case in my experience. After three
consecutive logins from client A, I can switch to client B (on an
entirely different network) and get through just fine. Unfortunately
I'm not yet good enough with iptables to explain how/why this is the
case.
> You might want to create an allow rule if you log in from the same remote
> address a lot. Something like this that puts no restrictions on SSH traffic
> from a particular address:
Good idea! Thanks.
Paul
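The per-source behaviour Paul describes (three logins from client A, then client B still gets through) is what the iptables `recent` module does, because its table is keyed by source address. The following is an added example, not code from the thread: a small Python model of the commonly used `-m recent` SSH rate-limit rule, where the rule shape, the 60-second window, the hitcount of 4, and the client addresses are assumptions, since the thread does not show the actual rule.

```python
from collections import defaultdict, deque

# Model of the iptables "recent" module as commonly used to rate-limit NEW SSH
# connections (assumed rule shape; the thread does not show the real rule):
#   -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
#   -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update \
#       --seconds 60 --hitcount 4 --name SSH -j DROP
# The recent table is keyed by SOURCE ADDRESS, so hits from one client are
# never counted against another client.


class RecentTable:
    def __init__(self, seconds=60, hitcount=4, allow=()):
        self.seconds = seconds          # --seconds window
        self.hitcount = hitcount        # --hitcount threshold
        self.allow = set(allow)         # addresses exempted by an earlier ACCEPT rule
        self.hits = defaultdict(deque)  # src -> timestamps of recent NEW connections

    def new_connection(self, src, now):
        """Return 'ACCEPT' or 'DROP' for a NEW connection from src at time now."""
        if src in self.allow:
            return "ACCEPT"             # trusted address, never rate-limited
        stamps = self.hits[src]
        stamps.append(now)              # --set: record this attempt for this source
        # --update --seconds: only timestamps inside the window still count
        while stamps and now - stamps[0] > self.seconds:
            stamps.popleft()
        # --hitcount: drop once this source alone reached hitcount hits in window
        return "DROP" if len(stamps) >= self.hitcount else "ACCEPT"


def simulate(events, **kw):
    """Run a list of (src, time) NEW-connection events through the model."""
    table = RecentTable(**kw)
    return [(src, t, table.new_connection(src, t)) for src, t in events]


if __name__ == "__main__":
    # Constructed sample: client A connects four times, then client B once,
    # then client A again after the window has expired.
    events = [("10.0.0.5", 0), ("10.0.0.5", 10), ("10.0.0.5", 20),
              ("10.0.0.5", 30), ("192.0.2.7", 31), ("10.0.0.5", 95)]
    for src, t, verdict in simulate(events):
        print(f"t={t:3d} {src:12s} {verdict}")
```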