From: "Rainer Traut" <tr.ml@xxxxxx>
Hi,
LC wrote:
Hi,
How do I write the code for iptables to drop IP(s) trying to access ssh
after 3 tries and block it for 10 mins?
regards
Something like this?
This is from my iptables script; you have to adjust the variables.
# Check first: an address already seen 4 times within the last 60 s goes to LOG_DROP
# (a user-defined chain), and --update refreshes its timestamp while it keeps trying.
$ipt -A INPUT -m state --state NEW -p tcp --dport 22 -m recent --name SSH \
    --update --seconds 60 --hitcount 4 -j LOG_DROP
# Otherwise record this new connection attempt in the SSH list.
$ipt -A INPUT -m state --state NEW -p tcp --dport 22 -m recent --name SSH --set
Rainer
I do it a little more thoroughly - I log the attempts after timeouts.
# Then set up the reject trap.
# Record every SYN to port 22 first, so the current attempt counts towards the hitcount.
$IPTABLES -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
# Third SYN from the same address within 120 s: log it (LOG does not terminate) ...
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
    --rcheck --seconds 120 --hitcount 3 -j LOG --log-prefix 'SSH REJECT: '
# ... and then reject it with a TCP reset.
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
    --rcheck --seconds 120 --hitcount 3 -j REJECT --reject-with tcp-reset
{^_^}
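Both rule sets above use a single xt_recent list, so the "block" lasts only as long as the sliding window and is refreshed by every retry. The script below is an added example written for this thread (it is not code from any of the posters) that answers LC's original question more literally: three new connections per source address inside a short window, then a ban of exactly 10 minutes. It keeps two lists, SSH_ATTEMPTS for counting and SSH_BANNED for banned addresses, and checks SSH_BANNED with --rcheck rather than --update so that dropped retries do not extend the ban. The variable, chain and list names, and the DRY_RUN switch, are assumptions of this example.

```shell
#!/bin/sh
# Added example for LC's question (3 tries, then a 10 minute block); not code
# from this thread. Two xt_recent lists: SSH_ATTEMPTS counts new connections
# per source address inside WINDOW seconds, SSH_BANNED holds addresses that
# tripped the limit. SSH_BANNED is checked with --rcheck (not --update), so the
# ban ends BAN seconds after it was set no matter how often the client retries.
# All names below are assumptions. DRY_RUN=1 prints each command instead of
# executing it (useful for review, and the only mode that works without root).

IPT=${IPT:-iptables}      # use ip6tables for the same rules on IPv6
SSH_PORT=${SSH_PORT:-22}
TRIES=${TRIES:-3}         # attempts allowed inside WINDOW; the next one is banned
WINDOW=${WINDOW:-60}      # seconds over which attempts are counted
BAN=${BAN:-600}           # ban length in seconds (10 minutes)
DRY_RUN=${DRY_RUN:-0}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

ssh_brute_rules() {
    # Own chain so the rules can be flushed and reloaded on their own.
    run "$IPT" -N SSH_BRUTE
    run "$IPT" -F SSH_BRUTE
    # Only new SSH connections pass through the chain; established sessions
    # are never examined, so a ban cannot cut an already open session.
    run "$IPT" -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j SSH_BRUTE

    # 1. Address is on SSH_BANNED and the entry is younger than BAN seconds:
    #    drop silently. --rcheck leaves the timestamp alone, so the ban expires
    #    on schedule even while the client keeps hammering.
    run "$IPT" -A SSH_BRUTE -m recent --name SSH_BANNED --rcheck --seconds "$BAN" -j DROP

    # 2. TRIES attempts already recorded inside WINDOW: log once, put the
    #    address on SSH_BANNED and drop this attempt. The current packet is not
    #    yet in SSH_ATTEMPTS (rule 3 adds it), so this fires on attempt TRIES+1.
    run "$IPT" -A SSH_BRUTE -m recent --name SSH_ATTEMPTS --rcheck --seconds "$WINDOW" --hitcount "$TRIES" \
        -j LOG --log-prefix "SSH BAN: "
    run "$IPT" -A SSH_BRUTE -m recent --name SSH_ATTEMPTS --rcheck --seconds "$WINDOW" --hitcount "$TRIES" \
        -m recent --name SSH_BANNED --set -j DROP

    # 3. Under the limit: record the attempt and let the connection through.
    run "$IPT" -A SSH_BRUTE -m recent --name SSH_ATTEMPTS --set -j ACCEPT
}

# Usage: sh ssh-brute.sh apply            (as root) install the rules
#        DRY_RUN=1 sh ssh-brute.sh apply  show what would be installed
if [ "${1:-}" = apply ]; then
    ssh_brute_rules
fi
```

Two caveats a practitioner should keep in mind. xt_recent only sees connection attempts (here: new TCP connections to the SSH port), not failed logins, so an attacker who spaces attempts wider than WINDOW is never caught; pairing this with something that reads the sshd log, or with key-only authentication, is still worthwhile. And --hitcount cannot exceed the per-address stamp limit of the recent module (the ip_pkt_list_tot parameter, 20 by default), so very large hit counts need the module loaded with a larger value. The rest of the firewall must, as usual, accept ESTABLISHED traffic for the accepted sessions to work.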