how do rate limited IPTABLEs treat a screen session on ssh after disconnection

tkmsr · 11-03-2010, 09:01 AM

Take this scenario If I have rate limited the connections to 4.(i.e if you attempt 4th connection you wont be able to login for some time.)
If in a minute I get disconnected 3 times
while I was already logged in on the server with a screen session,
will I be able to login or I need to keep quite for a minute?

Quote:

-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DEFAULT --rsource -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource

kbp · 11-03-2010, 06:20 PM

I think your '--set' line will need to be located before your '--update' line, it's probably not working now correct ?

tkmsr · 11-03-2010, 11:39 PM

Hmmm. Ok.

kbp · 11-04-2010, 06:03 PM

The settings "--seconds 60 --hitcount 4" means that if the connection is the 4th or greater in a 60 second period from the same client it will be dropped

cheers

tkmsr · 11-05-2010, 01:12 AM

Ya I understand that.As you had suggested above to swap the rules I found rate limiting no longer worked.
How do you define the connection to be fourth connection can I some how maintain session in IPTABLES.

kbp · 11-05-2010, 06:42 AM

Thats what the 'recent' module does...