**** BEGIN LOGGING AT Wed Aug 10 02:59:57 2011
Aug 10 11:37:57 <giuseppeg88> hi
Aug 10 11:40:33 <giuseppeg88> I have a problem: my fonera is undergoing an infinite number of connection attempts from IP addresses public (via ssh)
Aug 10 11:40:39 <giuseppeg88> http://pastebin.com/MzQCRm1m
Aug 10 11:43:27 <giuseppeg88> If I remember correctly, once there was a possible maximum number of attempts, after which incoming connections (by a determinate ip) were rejected
Aug 10 11:44:41 <giuseppeg88> maybe this control does not work if the fonera is set in bridge mode (once there was this problem, but I remember that he had been solved)
Aug 10 11:47:12 <giuseppeg88> the attack is continuing always by (for now) the same ip: http://pastebin.com/qPNeZ3jU
Aug 10 11:58:43 <blathijs> Ey giuseppeg88
Aug 10 11:59:23 <blathijs> There should be hammer protection, limiting the maximum number TCP connections per minute or something like that
Aug 10 12:00:12 <giuseppeg88> hi blathijs
Aug 10 12:00:27 <blathijs> giuseppeg88: http://trac.fonosfera.org/fon-ng/ticket/839
Aug 10 12:00:31 <blathijs> Ticket is stil open
Aug 10 12:00:56 <giuseppeg88> mmm
Aug 10 12:01:28 <giuseppeg88> I remembered that I had resolved in some way...
Aug 10 12:01:35 <blathijs> The problem is that in bridge mode, connections really come from the LAN
Aug 10 12:01:45 <blathijs> except when you apply port forwarding...
Aug 10 12:02:14 <blathijs> giuseppeg88: Perhaps you're thinking of http://trac.fonosfera.org/fon-ng/changeset/1672 ?
Aug 10 12:05:26 <giuseppeg88> blathijs: I'm going to lunch, see you later...
Aug 10 13:51:42 <giuseppeg88> I'm back
Aug 10 13:56:37 <giuseppeg88> searching in the wiki, (maybe) I remembered how I had temporarily solved...
Aug 10 13:56:39 <giuseppeg88> if I remember correctly I used these commands: http://wiki.fon.com/wiki/Fonera_Development#Anti-hammering
Aug 10 13:57:38 <blathijs> Ah, right
Aug 10 13:57:54 <blathijs> but those commands are on the wiki from before the hammer protection was in the firmware
Aug 10 13:57:58 <giuseppeg88> I remember that after you set the bridge mode, if entered manually, the protection was beginning to work
Aug 10 13:58:14 <blathijs> and it is unconditional, so it also "protects" from hosts on the LAN
Aug 10 13:58:42 <blathijs> (e.g., if you make a few subsequent SSH connections, for example SSH, SCP, SSH, it locks you out as well)
Aug 10 13:59:02 <giuseppeg88> yes
Aug 10 14:03:11 <giuseppeg88> I just tried it: now unfortunately this solution doesn't work anymore... this may be due to some change that was made ​​recently?
Aug 10 14:09:18 <blathijs> Not that I can think of, this looks like it should work (since it completely circumvents all chains and works on the INPUT chain directly)
Aug 10 14:10:41 <giuseppeg88> ok... I try again after a reboot
Aug 10 14:17:03 <giuseppeg88> yes!!! it works. now I do so that this protection starts by itself at startup. Thanks for your help
Aug 10 14:26:26 <blathijs> You can put the commands in /etc/firewall.user (IIRC, check /etc/config/firewall)
Aug 10 14:26:54 <blathijs> which is loaded automatically since 2.3.7.0
Aug 10 14:58:42 <giuseppeg88> yes. I put the commands in /etc/firewall.user, I reboot and the it works
**** ENDING LOGGING AT Thu Aug 11 02:59:56 2011