iptables and firewall configuration so that it understands when ssh logs in properly and when not



Hello everyone,
if you know how to use iptables (v 1.3.3) read on - I have Slackware
10.2 btw:

basically I have a little home network and I have forwarded port 22 to
my Linux machine in there, both from the internal network and from computers
on the internet..
but checking out /var/log/messages I see that people just don't stop trying
to connect to my PC.
therefore I want to start using rc.firewall. so I generated an
rc.firewall script with Easy Firewall Generator, put it in /etc/rc.d, set
the right permissions and started using it...
basically so far this is the code I have written:

$IPT -A tcp_inbound -p TCP -s ! 192.168.0.0/24 --destination-port 22 -m recent --update --seconds 300 -j DROP
$IPT -A tcp_inbound -p TCP -s ! 192.168.0.0/24 -m state --state NEW --destination-port 22 -m recent --set -j ACCEPT

which basically says:
first pass:
line 1: if there is an inbound tcp connection with source port outside my
home network on port 22 AND the recent flag has been set, update its
timestamp to the current time and wait 300 secs before resetting the flag.
also DROP the packets. since in the 1st pass the 'recent' flag hasn't
been set, the rule will not be executed and packets will not be
dropped.
line 2: if there is a NEW inbound tcp connection with source port outside
my home network on port 22, set the 'recent' flag and accept the
packet. so an ssh login appears.

2nd pass:
line 1: if there is an inbound tcp connection with source port outside my
home network on port 22 AND the recent flag has been set, update its
timestamp to the current time and wait 300 secs before resetting the flag.
also DROP the packets. since in the 2nd pass the 'recent' flag has been
set (from line 2, 1st pass), the rule will be executed and packets
will be dropped. so I won't get a login screen.
so far so good... and that works wonders for attacks that try to
connect to me through ssh (basically this is what I set out initially
to do)

however, if say I login and logout straight away, and try to login
again, I will not be able to. I basically want, somehow, if I DO manage to
login to ssh, the 'recent' flag to be reset, so I can login again...
how is it possible to do that?
nass
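An added example (editor's script, not the poster's rc.firewall) showing the usual way around the logout-and-login problem: instead of dropping on the very first repeat, count NEW connections per source with the recent module's --hitcount, so a normal reconnect inside the window still works while a source that keeps hammering port 22 is logged and dropped. It assumes the Easy Firewall Generator layout (INPUT accepts ESTABLISHED,RELATED before jumping to tcp_inbound), the list name sshbrute, and the modern `! -s` negation; iptables 1.3.3 spells that `-s !`.

```shell
#!/bin/sh
# Added example, not the poster's rc.firewall: limit NEW ssh connections per
# source with the recent module's hit counter instead of a single-shot flag.
# Assumptions: Easy Firewall Generator layout (INPUT already accepts
# ESTABLISHED,RELATED before jumping to tcp_inbound), list name "sshbrute",
# modern "! -s" negation (iptables 1.3.3 spells it "-s !").

HOME_NET="192.168.0.0/24"   # trusted LAN from the post, exempt from the limit
SSH_PORT=22
WINDOW=300                  # seconds looked back over, as in the poster's rule
HITS=4                      # the HITS-th NEW connection inside WINDOW is dropped

# Emit the rules through "$1" (use "echo" for a dry run, "iptables" to apply).
ssh_ratelimit_rules() {
    IPT="$1"
    # 1. Record every NEW ssh attempt from outside the LAN. No target here:
    #    the packet only gets counted and falls through to the rules below.
    $IPT -A tcp_inbound -p tcp ! -s "$HOME_NET" --dport "$SSH_PORT" \
        -m state --state NEW -m recent --name sshbrute --set
    # 2. If this source now has HITS or more entries within WINDOW seconds,
    #    log and drop. --update refreshes the timestamp, so a source that keeps
    #    retrying stays blocked until it has been quiet for WINDOW seconds.
    $IPT -A tcp_inbound -p tcp ! -s "$HOME_NET" --dport "$SSH_PORT" \
        -m state --state NEW -m recent --name sshbrute --update \
        --seconds "$WINDOW" --hitcount "$HITS" -j LOG --log-prefix "SSH_BRUTE "
    $IPT -A tcp_inbound -p tcp ! -s "$HOME_NET" --dport "$SSH_PORT" \
        -m state --state NEW -m recent --name sshbrute --update \
        --seconds "$WINDOW" --hitcount "$HITS" -j DROP
    # 3. Everything under the limit (and all LAN traffic) is accepted.
    $IPT -A tcp_inbound -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
}

# Number of rules the function emits, handy when auditing "iptables -L" output.
ssh_ratelimit_rule_count() {
    ssh_ratelimit_rules echo | grep -c -- '-A tcp_inbound'
}

# Inspect or clear the list by hand (newer kernels: /proc/net/xt_recent/sshbrute,
# older ipt_recent kernels: /proc/net/ipt_recent/sshbrute); 198.51.100.7 is a
# made-up example address:
#   cat /proc/net/xt_recent/sshbrute
#   echo -198.51.100.7 > /proc/net/xt_recent/sshbrute   # forget one source
#
# Dry run so the rules can be reviewed before touching the live firewall:
ssh_ratelimit_rules echo
```

The proc interface above is also the only clean way to "reset the flag" after a successful login: a session hook can write `-<address>` to the list file, but with a hit counter in place that is rarely needed.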
