Date: Fri, 30 Dec 2011 19:50:02 -0800
On 2011/12/30 19:04, MT Julianto wrote:
> On 31 December 2011 03:16, jdow <[log in to unmask]> wrote:
>
> On 2011/12/30 18:05, MT Julianto wrote:
>
> On 30 December 2011 14:22, jdow <[log in to unmask]>
>
> This allows me to typo the password. All I have to do is wait a couple minutes
> between tries
>
> Is it the same as fail2ban with setting: maxretry=1 ?
>
>
> I don't know. I learned of fail2ban from the BSD mailing list long after I'd
> learned that iptables trick. I feel more comfortable with the iptables trick
> since it is right there instantly rather than with any log reading delays.
> It even prevents two attempts from the same address if the first one was
> successful, which is not something I've ever wanted to do. It's one less
> piece of software on the system. It means I had to learn iptables a bit.
>
>
> If I were you, I would do the same :-) It is always a great pleasure to use our
> own tricks and to keep learning about them.
>
>
> I learned the trick on one of the Red Hat lists about a decade ago.
>
>
> I wish to have a chance someday to learn iptables...
There is no present like the time.
I first learned ipchains. I found the Trinity firewall project long ago and
built up some tweaks to their ipchains firewall. Then I had to learn iptables
to keep the goodies I'd built in, like a dedicated hole in the firewall in
case the usual login method failed. I also learned to redirect incoming
connection requests to another machine when I experimented with a little
video streaming on a Windows machine.
It's a little mind-bending at first. But taking working scripts and adapting
them is a good way to learn.
{^_^}
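
Added example, not from the thread or from either poster: the messages never show the iptables rule itself, so this sketch assumes the common `recent`-match form on port 22 with a 120-second window. It models those two rules over constructed connection records to show the behaviours described in the quoted text: a retry has to wait out the window, and a second connection is refused even when the first one succeeded.

```shell
#!/bin/sh
# Assumed reconstruction of a per-source SSH throttle; the list name "ssh",
# port 22 and the 120 s window are illustrative choices, not from the thread.
WINDOW=120

# Rules as an administrator would load them (root required, so only printed).
# Order matters: test the list first, then record the source and accept.
print_rules() {
  cat <<EOF
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name ssh --rcheck --seconds $WINDOW -j DROP
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name ssh --set -j ACCEPT
EOF
}

# Model of the two rules. Input: "epoch-seconds source-ip", one line per
# NEW connection to port 22. --rcheck does not refresh the timestamp, so the
# window runs from the last ACCEPTED connection, not from the last attempt.
simulate() {
  awk -v w="$WINDOW" '{
    if (($2 in last) && $1 - last[$2] <= w) {
      print $1, $2, "DROP"
    } else {
      last[$2] = $1          # equivalent of --set
      print $1, $2, "ACCEPT"
    }
  }'
}

# Constructed sample: documentation addresses, made-up timestamps.
sample_connections() {
  cat <<EOF
1000 198.51.100.7
1030 198.51.100.7
1045 203.0.113.9
1130 198.51.100.7
1140 198.51.100.7
EOF
}

print_rules
sample_connections | simulate
```

The decision is made in the kernel at connection time, independent of whether authentication later succeeds, which is why the last sample line is dropped even though it follows an accepted connection.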