On 20-02-11 23:16, Gergely Nagy wrote:
I'll be implementing this on my own servers too. Been toying with the idea ever since you posted about it first, but now with the step-by-step howto, there're no more obstacles.
Cool. Please let me know your findings.
It's running on 4 now, so far, working like a charm, blocking what should be blocked, and so on. There's another server I want to switch to this solution from sshguard, but the kernel there is ancient (it's a Xen guest, and I can't upgrade for reasons beyond my control), and it doesn't have /proc/net/xt_recent, only /proc/net/ipt_recent. I haven't tried whether that works the same or not, as I'd have to go through a lot of pain to gain access to the box if anything goes wrong. Nevertheless, this particular system will be switched over as well, sooner or later.

--
|8]