[BlueOnyx:13109] Re: dovecot not registering with failed logins?

Chuck Tetlow chuck at tetlow.net
Sun May 26 22:31:16 -05 2013 

How about that - you're right Gerald.

It appears that just like IP Tables assumes world if you don't put in a source or destination (like -s 0/0 or -d 0/0) - IP Tables will also assume the first rule if you don't give it a specific line to insert at.  I tried your input, and it did insert it at rule 1.

I have to admit - I'd never tried the insert switch (-I) without giving it a specific destination, or line number where to insert the rule.  So I'd never noticed that it would accept the inert without a specific line - and put it in as line #1.

The INPUT is the default chain, and merely calls the "acctin" chain.  It appears that BlueOnyx does this to use the acctin chain for accounting (traffic level monitoring for the active monitor pages).  So technically, either chain will work for inbound traffic rules.  Just watch what order the rules are in - as the first rule that matches the traffic is what's done.

Sorry about that Gerald.  Like I said - I'd never tested IP Tables without being specific about where I wanted the rule inserted.

Chuck

---------- Original Message -----------
From: Gerald Waugh <gwaugh at frontstreetnetworks.com> 
To: BlueOnyx General Mailing List <blueonyx at mail.blueonyx.it> 
Sent: Sun, 26 May 2013 06:52:05 -0500 
Subject: [BlueOnyx:13108] Re: dovecot not registering with failed logins?

> On 05/25/2013 10:11 PM, Chuck Tetlowwrote:
> That IP Tables rule won't work.  You're missing the rule number, andhave the wrong rule name.  And the "-d 0/0" isn't really needed -it means " whole world" and is assumed if not given
> /sbin/iptables -I INPUT -s 1.2.3.4 -d 0/0 -j DROP
> 
> not looking for trouble, but to say a rule 'won't' work, when itdoes is a little troubling.
> the rule does work on my servers, as it immediately blocks an attackon the server
> as seen by an immediate cessation of the attack.
> 
> Gerald
------- End of Original Message -------
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20130526/7e818c9f/attachment.html>

More information about the Blueonyx mailing list