@al37919
As always, you are right - today I locked myself out. The time was too long.
Therefore, I've simply taken over your solution and I can confirm it works. I've set the --seconds to 300, this should be enough to avoid brute force; that's the only change.
Works stable - have checked it many times now.
The only things I've added for myself are the following two lines:
Code:
iptables -A INPUT -m mac --mac-source $my_UMTS_Modem -j ACCEPT
iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -m mac --mac-source 00:FF:00:FF:AA:BB -j ACCEPT
This allows me unrestricted access (no hitcounts) when using my mobile Modem and from my office (static IP).
As nobody knows my modem's MAC address or the IP and MAC of my office PC, there is no security issue.
Independent of everything, I have strong usernames and passwords - I think this is the most important thing.
Thanks again for your help!
Newbiefan
EDIT
ATTENTION: never use mac rules from sources outside of your network!
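
The warning in the EDIT, turned into a rule check (an added example, not part of the original post): a source MAC identifies only the last device on the same link, so a `-m mac` rule meant for a remote host is compared against the MAC of the upstream hop, not the remote machine. The LAN subnet `192.168.1.0/24`, the interface name `br0`, the address `203.0.113.10` and the sample rules are assumptions constructed for illustration.

```python
import ipaddress
import shlex

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN subnet
LAN_IFACE = "br0"                             # assumed LAN-side interface


def lint_mac_rule(rule, lan=LAN, lan_iface=LAN_IFACE):
    """Return warnings for one iptables rule that uses the mac match."""
    tok = shlex.split(rule)
    if "--mac-source" not in tok:
        return []  # only rules using the mac match are checked
    opts = {}
    for i, t in enumerate(tok[:-1]):
        if t in ("-s", "--source", "-i", "--in-interface"):
            opts[t.lstrip("-")[0]] = tok[i + 1]  # keyed as "s" or "i"
    warnings = []
    src = opts.get("s")
    if src is not None:
        try:
            net = ipaddress.ip_network(src, strict=False)
            if net.version != lan.version or not net.subnet_of(lan):
                warnings.append(
                    f"source {src} is outside {lan}: the MAC seen is the "
                    "upstream hop's, not the remote host's")
        except ValueError:
            warnings.append(f"source {src!r} is not a literal address")
    if opts.get("i") != lan_iface:
        warnings.append(
            f"no '-i {lan_iface}': the rule is also evaluated for "
            "packets arriving on the WAN side")
    return warnings


# Constructed sample rules modelled on the two lines in the post.
SAMPLE_RULES = [
    "iptables -A INPUT -m mac --mac-source 00:FF:00:FF:AA:BB -j ACCEPT",
    "iptables -A INPUT -p tcp -s 203.0.113.10 -m mac "
    "--mac-source 00:FF:00:FF:AA:BB -j ACCEPT",
    "iptables -A INPUT -i br0 -s 192.168.1.20 -m mac "
    "--mac-source 00:FF:00:FF:AA:BB -j ACCEPT",
]

if __name__ == "__main__":
    for r in SAMPLE_RULES:
        print(r)
        for w in lint_mac_rule(r) or ["ok"]:
            print("   ", w)
```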