[PLUG] TCP Wrappers and IPs

Paul Mullen pem at nellump.ath.cx
Tue Feb 21 23:53:20 UTC 2006


On Tue, Feb 21, 2006 at 01:36:39PM -0800, Carla Schroder wrote:
> 
> But aren't you the boss of the firewall, since you're creating these rules? 

I am. I was referring to when I'm a client on someone else's network,
one with a firewall that blocks most outbound ports. In that sort of
situation, if my server doesn't listen on the usual SSH port, I'm
hosed.

> Anyway, your iptables hack is very excellent.

I wish I could take the credit for it. :-)

>  It does not discriminate on the basis of source address. It simply 
> rate-limits the number of new connections per minute from anywhere. So if 

That doesn't seem to be the case in my experience. After three
consecutive logins from client A, I can switch to client B (on an
entirely different network) and get through just fine. Unfortunately
I'm not yet good enough with iptables to explain how/why this is the
case.

> You might want to create an allow rule if you log in from the same remote 
> address a lot. Something like this that puts no restrictions on SSH traffic 
> from a particular address:

Good idea! Thanks.


Paul
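The behaviour Paul observes above (client A gets locked out after a few new connections while client B on another network still gets in) is what you get when the rate limit is built on the iptables `recent` match, which keeps a separate hit list per source address. The following is an added illustration, not code from this thread or from the list member who posted the original hack; it is a small Python model of the usual two-rule pattern (`-m recent --set` to record a new SSH connection, then `-m recent --update --seconds 60 --hitcount 4 -j DROP`), with Carla's suggested unconditional allow rule for a trusted address placed in front of it. The hitcount, window and addresses are constructed assumptions chosen to match the "three logins, then blocked" description.

```python
from collections import defaultdict, deque

# Constructed parameters, matching the "three logins, then blocked" description:
# the fourth new connection from one address within 60 seconds is dropped.
WINDOW_SECONDS = 60
HITCOUNT = 4


class RecentTable:
    """Model of the per-source hit list kept by the iptables `recent` match.

    Every source address owns its own list of timestamps, which is why one
    client exhausting its quota has no effect on a client elsewhere.
    """

    def __init__(self, seconds=WINDOW_SECONDS, hitcount=HITCOUNT):
        self.seconds = seconds
        self.hitcount = hitcount
        self.hits = defaultdict(deque)  # src address -> timestamps of recent hits

    def record(self, src, now):
        """`--set`: add a hit for this source address."""
        self.hits[src].append(now)

    def hitcount_reached(self, src, now):
        """`--update --seconds S --hitcount H`: true when this source has at
        least H hits inside the last S seconds (older entries fall out of the window)."""
        q = self.hits[src]
        while q and now - q[0] > self.seconds:
            q.popleft()
        return len(q) >= self.hitcount


def filter_new_ssh(src, now, table, trusted=frozenset()):
    """Decide ACCEPT/DROP for one new TCP connection to the SSH port.

    Rule order mirrors a typical chain:
      1. ACCEPT from a trusted address (Carla's suggestion), before any limit.
      2. -m recent --set            (record the attempt)
      3. -m recent --update ... -j DROP  (drop if the per-source quota is used up)
      4. ACCEPT everything else.
    """
    if src in trusted:
        return "ACCEPT"
    table.record(src, now)
    if table.hitcount_reached(src, now):
        return "DROP"
    return "ACCEPT"


def simulate():
    """Replay a constructed sequence of new connections and return the verdicts."""
    table = RecentTable()
    trusted = frozenset({"198.51.100.7"})  # constructed 'home' address
    client_a, client_b = "203.0.113.10", "192.0.2.20"  # constructed, documentation ranges
    events = [
        (client_a, 0), (client_a, 10), (client_a, 20),  # three logins from A
        (client_a, 30),                                  # fourth within 60 s: dropped
        (client_b, 31),                                  # B is unaffected by A's quota
        (client_a, 100),                                 # A's old hits aged out
    ] + [("198.51.100.7", t) for t in range(0, 10)]      # trusted address, 10 rapid hits
    return [(src, t, filter_new_ssh(src, t, table, trusted)) for src, t in events]


if __name__ == "__main__":
    for src, t, verdict in simulate():
        print(f"t={t:3d}s  {src:14s}  {verdict}")
```

Running it shows the fourth attempt from client A dropped while client B's first attempt at almost the same moment is accepted, and A being admitted again once its hits have aged out of the window; the trusted address is never counted at all because its rule sits ahead of the `recent` rules.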
