From: "Rainer Traut" <tr.ml@xxxxxx>
Hi, LC schrieb:Hi,How do write the code for iptables to drop IP(s) trying to access ssh after 3 tries and block it for 10mins?regardssth like this? this is from my iptables script, you have to adjust the variables.$ipt -A INPUT -m state --state NEW -p tcp --dport 22 -m recent --name SSH --update --seconds 60 --hitcount 4 -j LOG_DROP$ipt -A INPUT -m state --state NEW -p tcp --dport 22 -m recent --name SSH --setRainer
I do it a little more thoroughly - I log the attempts after timeouts.
# Then setup the reject trap.
$IPTABLES -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
--rcheck --seconds 120 --hitcount 3 -j LOG --log-prefix 'SSH REJECT: '
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
--rcheck --seconds 120 --hitcount 3 -j REJECT --reject-with tcp-reset
{^_^}
