[PATCH] Increase SSH Connection Limit

Tim Niemeyer tim at tn-x.org
So Okt 30 13:05:50 CET 2016


Am Samstag, den 29.10.2016, 21:15 +0200 schrieb mayosemmel:
> Reviewed-by: Jan Kraus <mayosemmel at gmail.com>
Von mir auch.

Und applied.

Tim

> 
> Am Donnerstag, den 27.10.2016, 13:50 +0200 schrieb Christian Dresel:
> > Signed-off-by: Christian Dresel <fff at chrisi01.de>
> > ---
> >  src/packages/fff/fff-firewall/Makefile                               | 2 +-
> >  src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh | 4 ++--
> >  2 files changed, 3 insertions(+), 3 deletions(-)
> > 
> > diff --git a/src/packages/fff/fff-firewall/Makefile b/src/packages/fff/fff-firewall/Makefile
> > index 80d562f..5f6751c 100644
> > --- a/src/packages/fff/fff-firewall/Makefile
> > +++ b/src/packages/fff/fff-firewall/Makefile
> > @@ -1,7 +1,7 @@
> >  include $(TOPDIR)/rules.mk
> >  
> >  PKG_NAME:=fff-firewall
> > -PKG_VERSION:=1
> > +PKG_VERSION:=2
> >  PKG_RELEASE:=1
> >  
> >  PKG_BUILD_DIR:=$(BUILD_DIR)/fff-firewall
> > diff --git a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
> > index 7fd4e30..d5cc07a 100644
> > --- a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
> > +++ b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
> > @@ -2,6 +2,6 @@
> >  iptables -A INPUT -i $IF_WAN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
> >  iptables -A INPUT -i $IF_WAN -j REJECT
> >  
> > -# Limit ssh to 3 new connections per 60 seconds
> > +# Limit ssh to 6 new connections per 60 seconds
> >  /usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name dropbear
> > -/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name dropbear -j DROP
> > +/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name dropbear -j DROP
> > -- 
> > 2.1.4
> > 
> 
> -- 
> franken-dev mailing list
> franken-dev at freifunk.net
> http://lists.freifunk.net/mailman/listinfo/franken-dev-freifunk.net

-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : signature.asc
Dateityp    : application/pgp-signature
Dateigröße  : 473 bytes
Beschreibung: This is a digitally signed message part
URL         : <http://lists.freifunk.net/pipermail/franken-dev-freifunk.net/attachments/20161030/2e6b0e3e/attachment.sig>


Mehr Informationen über die Mailingliste franken-dev