<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>blog.poucet.org</title>
	<atom:link href="http://blog.poucet.org/feed/" rel="self" type="application/rss+xml" />
	<link>http://blog.poucet.org</link>
	<description>Blogging about technology, functional programming, linux and life in general.</description>
	<lastBuildDate>Tue, 17 Nov 2009 23:01:31 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.9</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>Setting up iptables to throttle incoming ssh</title>
		<link>http://blog.poucet.org/2009/11/setting-up-iptables-to-throttle-incoming-ssh/</link>
		<comments>http://blog.poucet.org/2009/11/setting-up-iptables-to-throttle-incoming-ssh/#comments</comments>
		<pubDate>Tue, 17 Nov 2009 22:56:13 +0000</pubDate>
		<dc:creator>poucet</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://blog.poucet.org/?p=132</guid>
		<description><![CDATA[So I decided today, since I seem to be getting a lot of ssh attempts to my firewall at home, to set up some iptables rules.
It took me quite a while to figure it out, since I needed to set up some modprobe options.
First, I set that I can count up to 250 (I think [...]]]></description>
			<content:encoded><![CDATA[<p>So I decided today, since I seem to be getting a lot of ssh attempts to my firewall at home, to set up some iptables rules.</p>
<p>It took me quite a while to figure it out, since I needed to set up some modprobe options.</p>
<p>First, I raised the number of packet timestamps that the <code>recent</code> match remembers per source address to 250. Older kernels refuse to load a rule whose <code>--hitcount</code> exceeds <code>ip_pkt_list_tot</code> (the default is 20), which is why the 80- and 250-hit rules below need this option; newer kernels grow the per-address list to fit the rule, but 255 remains the upper bound. Two things to watch on newer systems: from kernel 2.6.28 on the module is called <code>xt_recent</code> rather than <code>ipt_recent</code>, and newer versions of modprobe only read files in <code>/etc/modprobe.d/</code> whose name ends in <code>.conf</code>.</p>
<pre><code>cat /etc/modprobe.d/options
options ipt_recent ip_pkt_list_tot=250</code></pre>
<p>Then I created a firewall script:</p>
<p><code>cat firewall.sh</code></p>
<pre><code>#!/bin/sh
# Usage: firewall.sh &lt;public device&gt;   (for example: firewall.sh eth0)
# Throttles NEW ssh connections arriving on the public interface with the
# "recent" match and blacklists any source that exceeds one of the buckets.
# Safe to re-run: every rule is deleted before it is appended again.
ipt=/sbin/iptables

set -x

if [ -z "$1" ] ; then
echo "usage: $0 &lt;public device&gt;" &gt;&amp;2
exit 1
fi

# Clear rules.  The jump into the ssh chain must go first, since a chain
# that is still referenced cannot be deleted.  The catch-all DROP is removed
# here as well, so that re-appending the ESTABLISHED rule below never leaves
# it sitting behind the DROP while the script runs.
$ipt -D INPUT -i "$1" -p tcp --dport ssh -m state --state NEW -j "$1"-SSH 2&gt;/dev/null
$ipt -D INPUT -i "$1" -j DROP 2&gt;/dev/null

# Set up an ssh and a blacklist chain, both named after the interface.
$ipt -F "$1"-SSH 2&gt;/dev/null
$ipt -F "$1"-BLACKLIST 2&gt;/dev/null
$ipt -X "$1"-SSH 2&gt;/dev/null
$ipt -X "$1"-BLACKLIST 2&gt;/dev/null

$ipt -N "$1"-SSH
$ipt -N "$1"-BLACKLIST

# BLACKLIST chain: record the source in the BLACKLIST list, then drop.
# How long a source stays blacklisted is decided by the check in the ssh chain.
$ipt -A "$1"-BLACKLIST -m recent --name BLACKLIST --set
$ipt -A "$1"-BLACKLIST -j DROP

# SSH chain: drop anything from a blacklisted source seen within the last 600 s.
# --update refreshes the timestamp on every match, so the ban only expires
# once the source has been quiet for 600 s.
$ipt -A "$1"-SSH -m recent --update --name BLACKLIST --seconds 600 --hitcount 1 -j DROP

# Record this connection attempt in each counting bucket.  --set runs before
# --update, so the current packet is included in the hit count.
$ipt -A "$1"-SSH -m recent --set --name "$1"-BUCKET1
$ipt -A "$1"-SSH -m recent --set --name "$1"-BUCKET2
$ipt -A "$1"-SSH -m recent --set --name "$1"-BUCKET3
$ipt -A "$1"-SSH -m recent --set --name "$1"-BUCKET4

# Blacklist if:
#   3 or more connections in 10 seconds
#   15 or more connections in 120 seconds
#   80 or more connections in 600 seconds
#   250 or more connections in 1800 seconds (needs ip_pkt_list_tot &gt;= 250)
$ipt -A "$1"-SSH -m recent --update --name "$1"-BUCKET1 --seconds   10 --hitcount   3 -j "$1"-BLACKLIST
$ipt -A "$1"-SSH -m recent --update --name "$1"-BUCKET2 --seconds  120 --hitcount  15 -j "$1"-BLACKLIST
$ipt -A "$1"-SSH -m recent --update --name "$1"-BUCKET3 --seconds  600 --hitcount  80 -j "$1"-BLACKLIST
$ipt -A "$1"-SSH -m recent --update --name "$1"-BUCKET4 --seconds 1800 --hitcount 250 -j "$1"-BLACKLIST

# All other ssh access is allowed.
$ipt -A "$1"-SSH -j ACCEPT

# Allow packets that belong to existing connections.
$ipt -D INPUT -i "$1" -m state --state RELATED,ESTABLISHED -j ACCEPT 2&gt;/dev/null
$ipt -A INPUT -i "$1" -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow all packets from the loopback device.
$ipt -D INPUT -i lo -j ACCEPT 2&gt;/dev/null
$ipt -A INPUT -i lo -j ACCEPT

# Send new incoming ssh connections to the ssh chain.
$ipt -A INPUT -i "$1" -p tcp --dport ssh -m state --state NEW -j "$1"-SSH

# What remains has no right to continue.
$ipt -A INPUT -i "$1" -j DROP</code></pre>
<p>Finally, I set it up in my /etc/network/interfaces so that the script is called for my main (public) interface. Give the script by its full path, or put it in a directory on root's PATH, and make it executable:</p>
<pre><code>auto eth0
iface eth0 inet dhcp
up firewall.sh eth0</code></pre>
<p>Two caveats. The counters key on the source address of the SYN alone, so a bare spoofed SYN carrying somebody else's address counts against that address and can lock it out; give any address you cannot afford to lose an ACCEPT rule at the top of the ssh chain, ahead of the BLACKLIST check. And these rules are IPv4 only; if sshd also listens on IPv6, mirror them with ip6tables.</p>
<p>I hope this helps anyone.</p>
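<p>To make the behaviour of the four buckets and the self-renewing blacklist concrete, here is a small Python model of the matching rules the script relies on, with the same thresholds. This is an added example and not code from the post: it reproduces the <code>recent</code> match semantics (<code>--set</code> remembers a timestamp, <code>--update --seconds --hitcount</code> matches when enough timestamps fall inside the window and, on a match, records the current packet too). The class and function names, the addresses and the timestamps in the trace are constructed for illustration.</p>

```python
# Added example (not from the original post): a model of the xt_recent
# sliding-window logic that firewall.sh relies on, with the same thresholds,
# so the throttling behaviour can be traced without root or a kernel.
# Addresses and timestamps used below are constructed.
from collections import deque

PKT_LIST_TOT = 250          # ip_pkt_list_tot: stamps remembered per address
BLACKLIST_SECONDS = 600     # --seconds on the BLACKLIST check
# (--seconds, --hitcount) of BUCKET1..BUCKET4 in firewall.sh
BUCKETS = [(10, 3), (120, 15), (600, 80), (1800, 250)]


def rejected_rules(pkt_list_tot, buckets=BUCKETS):
    """Bucket rules an older kernel refuses to load: --hitcount may not
    exceed ip_pkt_list_tot (default 20), hence the modprobe option."""
    return [(s, h) for s, h in buckets if h > pkt_list_tot]


class RecentList:
    """One '-m recent --name' table: a ring of packet timestamps per source."""

    def __init__(self, pkt_list_tot=PKT_LIST_TOT):
        self.maxlen = pkt_list_tot
        self.stamps = {}            # source -> deque of timestamps (seconds)

    def set(self, src, now):
        """--set: create the entry if needed and remember this packet."""
        self.stamps.setdefault(src, deque(maxlen=self.maxlen)).append(now)

    def update(self, src, now, seconds, hitcount):
        """--update --seconds S --hitcount H: match if src already has at
        least H stamps no older than S seconds.  On a match the current packet
        is remembered as well, which is what keeps a blacklisted host
        blacklisted for as long as it keeps trying."""
        ring = self.stamps.get(src)
        if ring is None:
            return False
        hits = sum(1 for t in ring if now - t <= seconds)
        if hits >= hitcount:
            ring.append(now)
            return True
        return False


class SshThrottle:
    """The eth0-SSH / eth0-BLACKLIST chains, evaluated in rule order."""

    def __init__(self):
        self.blacklist = RecentList()
        self.buckets = [RecentList() for _ in BUCKETS]

    def new_connection(self, src, now):
        """Verdict for one NEW ssh SYN from src at time now (seconds)."""
        # Rule 1: blacklisted and seen within 600 s: DROP, and the ban is renewed.
        if self.blacklist.update(src, now, BLACKLIST_SECONDS, 1):
            return "DROP:blacklisted"
        # Rules 2-5: --set on every bucket, so this packet counts as a hit.
        for bucket in self.buckets:
            bucket.set(src, now)
        # Rules 6-9: the first bucket over its threshold sends the packet to the
        # BLACKLIST chain, which does --set --name BLACKLIST and then DROPs.
        for bucket, (seconds, hitcount) in zip(self.buckets, BUCKETS):
            if bucket.update(src, now, seconds, hitcount):
                self.blacklist.set(src, now)
                return "DROP:bucket %d/%ds" % (hitcount, seconds)
        # Rule 10: everything else is accepted.
        return "ACCEPT"


def simulate(events):
    """events: list of (time_in_seconds, source_ip); returns one verdict each."""
    fw = SshThrottle()
    return [fw.new_connection(src, now) for now, src in events]


if __name__ == "__main__":
    # Constructed trace: one host hammers the port, is blacklisted on its third
    # SYN, keeps the ban alive by retrying at t=3, t=100 and t=700, and only
    # gets back in after staying quiet for more than 600 s.
    attacker = [(t, "203.0.113.7") for t in (0, 1, 2, 3, 100, 700, 1301)]
    for (now, src), verdict in zip(attacker, simulate(attacker)):
        print("t=%5d %s -> %s" % (now, src, verdict))
    print("rules refused with the default ip_pkt_list_tot=20:",
          rejected_rules(20))
```

<p>Two details the trace makes visible: the retry at t=700 is exactly 600 s after the previous one and still counts, so the ban is renewed and the host is not let back in until t=1301; and a spoofed SYN is indistinguishable from a real one at this layer, so three SYNs forged with a legitimate address as source will blacklist that address (the model accepts any source string, so you can feed it such a trace directly).</p>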
]]></content:encoded>
			<wfw:commentRss>http://blog.poucet.org/2009/11/setting-up-iptables-to-throttle-incoming-ssh/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
		<item>
		<title>To my family and friends</title>
		<link>http://blog.poucet.org/2009/08/to-my-family-and-friends/</link>
		<comments>http://blog.poucet.org/2009/08/to-my-family-and-friends/#comments</comments>
		<pubDate>Mon, 24 Aug 2009 15:39:49 +0000</pubDate>
		<dc:creator>poucet</dc:creator>
				<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://blog.poucet.org/?p=127</guid>
		<description><![CDATA[I think this is probably one of the best XKCD comics.  I wish I had had this in the past when people or family would ask me questions about computers (usually windows, being an avid Linux user).

]]></description>
			<content:encoded><![CDATA[<p>I think this is probably one of the best <a href="http://www.xkcd.com">XKCD</a> comics.  I wish I had had this in the past when people or family would ask me questions about computers (usually windows, being an avid Linux user).</p>
<p><a href="http://xkcd.com/627/"><img class="alignnone" title="How geeks perform tech support." src="http://imgs.xkcd.com/comics/tech_support_cheat_sheet.png" alt="" width="732" height="823" /></a></p>
]]></content:encoded>
			<wfw:commentRss>http://blog.poucet.org/2009/08/to-my-family-and-friends/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>A fresh start</title>
		<link>http://blog.poucet.org/2009/08/a-fresh-start/</link>
		<comments>http://blog.poucet.org/2009/08/a-fresh-start/#comments</comments>
		<pubDate>Sun, 16 Aug 2009 19:42:28 +0000</pubDate>
		<dc:creator>poucet</dc:creator>
				<category><![CDATA[Personal]]></category>

		<guid isPermaLink="false">http://blog.poucet.org/?p=1</guid>
		<description><![CDATA[For those that know my prior two blogs, they will know this is not the first time that I have moved blogs. While the move from the first blog to the second (blogger to wordpress) was due to technical reasons, this time I am moving because I want to finally consolidate all my content in one [...]]]></description>
			<content:encoded><![CDATA[<p>For those that know my <a href="http://notvincenz.blogspot.com">prior</a> <a href="http://cpoucet.wordpress.com">two</a> blogs, they will know this is not the first time that I have moved blogs. While the move from the first blog to the second (blogger to wordpress) was due to technical reasons, this time I am moving because I want to finally consolidate all my content in one place.</p>
<p>I have had a virtual host for a while now, and never truly utilized it.  I&#8217;ve been using <a href="http://www.linode.com">linode</a> and I have to say that I am very happy with the service and quality of the user-interface.  Having recently bought my own domain (yes, the one at the top in your address bar), I decided to finally run my setup completely myself.</p>
<p>So what am I running, and what do I want to write about?  Well for that I have to take a step back.</p>
<p>My last blog focused a lot on Haskell, for that is a language I am very passionate about.  Unfortunately, I have had less and less time to actually devote to it.  In the meantime, my eyes have opened to whole new worlds.</p>
<p>While I have used linux for about 10 years now, it was always a means to an end.  Finally stripped of my academic bubble, I have come to appreciate the more technical aspects of it.  That is why I have started devouring a variety of books on the topic.</p>
<p>Additionally, since I was never formally a software engineer, having a background in electrical engineering, I decided to purchase a few books in the direction of being a better programmer.  It is one thing to be confident of the fact that you can implement an efficient kernel algorithm in your language of choice.  It is another entirely to be able to tackle big projects and properly design software in layers.  I am starting to realize that slowly.</p>
<p>While reading the <a href="http://www.pragprog.com/titles/cfcar2/the-passionate-programmer">Passionate Programmer</a> by <a href="http://chadfowler.com/">Chad Fowler</a>, I decided that I wanted to blog more on these types of topics.  The combination of technical and psychological/sociological elements is always one that has fascinated me.</p>
<p>So that is what I hope to achieve on this blog, a place to reflect on books such as the one above, a combination of software development and career development, speckled with little technical tidbits I learn along the way or that interest me.</p>
<p>It is somewhat ironic that I am writing this now, when I am back in the city I used to study at, Leuven, to put the last dots on the &#8216;i&#8217; of my Ph.D. thesis. Writing is not something that is my forte, though I admit it is mostly laziness.  And as with everything, I hope to improve upon it.   Perhaps it is that drive for constantly improving myself that makes me enjoy reading books like Chad Fowler&#8217;s.</p>
<p>I have to say that starting this blog has definitely been rife with the <a href="http://en.wikipedia.org/wiki/index.html?curid=14872453">Paradox of Choice</a>. Questions such as what theme to use, whether to import the content of my old blog here.</p>
<p>Simple questions are often the ones that take one the longest to answer, down to what name to give to a variable.</p>
<p>Perhaps, I should open this up for discussion instead, for you, inexistent reader of this new blog, feel free to reply in the comments:</p>
<blockquote><p>Should I import my <a href="http://cpoucet.wordpress.com">old content</a> even though the topic was mostly directed towards one very specific technical niche, namely Haskell?</p></blockquote>
<p>And for those wondering about the original question, the answer is wordpress on lighttpd.  I have already created a DNS entry for a wiki extension as well, where I can jot down interesting links I might want to discuss or unfinished content, however I am still deciding on what wiki software to use (Again, choices&#8230; :)  Though I am heavily leaning towards MoinMoin).</p>
<p>Finally, if anyone has an interesting suggestion for what to put on the main webpage (<a href="http://www.poucet.org">http://www.poucet.org</a>), comments are always welcome.  Discussion is the only way to learn new things, for otherwise we grow stale.</p>
<p>Note to self: Don&#8217;t be afraid of writing your own opinions, instead of sticking to purely technical things.</p>
]]></content:encoded>
			<wfw:commentRss>http://blog.poucet.org/2009/08/a-fresh-start/feed/</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
	</channel>
</rss>

