[syslog-ng] Firewalling with syslog-ng, a working prototype
Valentijn Sessink
valentyn at blub.net
Mon Feb 21 08:34:31 CET 2011
Op 20-02-11 23:06, Valentijn Sessink schreef:
> can be concatenated so that you don't need a separate "block" chain
> anymore, as follows:
> ip6tables -A INPUT -m recent --rcheck --name syslogblock --seconds 900
> --hitcount 15 -m recent --rcheck --name block --set
> But I'm not sure, I'll have to check.
I checked, the iptables devs say that iptables does short circuit
evaluation, so the above should work nicely.
Best regards,
Valentijn
More information about the syslog-ng
mailing list