On 2011/12/30 19:04, MT Julianto wrote:
> On 31 December 2011 03:16, jdow <[log in to unmask] <mailto:[log in to unmask]>>
> wrote:
>
>     On 2011/12/30 18:05, MT Julianto wrote:
>
>         On 30 December 2011 14:22, jdow <[log in to unmask]
>         <mailto:[log in to unmask]> <mailto:[log in to unmask]
>         <mailto:[log in to unmask]>>>
>
>             This allows me to typo the password. All I have to do is wait a
>         couple minutes
>             between tries
>
>         Is it the same as fail2ban with setting: maxretry=1 ?
>
>
>     I don't know. I learned of fail2ban from the BSD mailing list long after I'd
>     learned that iptables trick. I feel more comfortable with the iptables trick
>     since it is right there instantly rather than with any log reading delays.
>     It even prevents two attempts from the same address if the first one was
>     successful, which is not something I've ever wanted to do. It's one less
>     piece of software on the system. It means I had to learn iptables a bit.
>
>
> If I were you, I will do that same :-)  It is always a great pleasure to use our
> own tricks and to keep learning about it.
>
>
>     I learned the trick on one of the Red Hat lists about a decade ago.
>
>
> I wish have a chance someday to learn iptables...

There is no present like the time.

I first learned ipchains. I found the Trinity firewall project long ago and
built up some tweaks to their ipchains firewall. Then I had to learn iptables
to keep the goodies I'd built in, like a dedicated hole in the firewall in
case the usual login method failed. I also learned to redirect incoming
connection requests to another machine when I experimented with a little
video streaming on a Windows machine.

It's a little mind-bending at first. But taking working scripts and adapting
them is a good way to learn.

{^_^}