Re: iptables and ssh

From: "Rainer Traut" <tr.ml@xxxxxx>

Hi,

LC wrote:
Hi,

How do I write the code for iptables to drop IP(s) trying to access ssh after 3 tries and block it for 10 mins?

regards

Something like this?
This is from my iptables script; you have to adjust the variables.

$ipt -A INPUT -m state --state NEW -p tcp --dport 22 -m recent --name SSH --update --seconds 60 --hitcount 4 -j LOG_DROP

$ipt -A INPUT -m state --state NEW -p tcp --dport 22 -m recent --name SSH --set

Rainer

I do it a little more thoroughly - I log the attempts after timeouts.

# Then set up the reject trap.
$IPTABLES -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
 --rcheck --seconds 120 --hitcount 3 -j LOG --log-prefix 'SSH REJECT: '
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
 --rcheck --seconds 120 --hitcount 3 -j REJECT --reject-with tcp-reset


{^_^}
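
The two rule sets in this thread order their `recent` rules differently (`--update` before `--set`, versus `--set` before `--rcheck`), which changes which attempt is the first one refused. The following is an added example, not part of either poster's message: a simplified Python model of the `recent` match run over a constructed timeline of SYN arrival times. The class and function names and the sample address are made up for illustration, and the kernel's per-entry limit on stored timestamps is not modelled.

```python
from collections import defaultdict

class RecentList:
    """Simplified model of one `-m recent --name X` list, keyed by source IP."""
    def __init__(self):
        self.stamps = defaultdict(list)

    def set(self, ip, now):
        """--set: record a timestamp; the match itself always succeeds."""
        self.stamps[ip].append(now)
        return True

    def check(self, ip, now, seconds, hitcount, update=False):
        """--rcheck / --update: match if >= hitcount stamps fall within `seconds`."""
        hits = sum(1 for t in self.stamps.get(ip, []) if now - t <= seconds)
        matched = hits >= hitcount
        if matched and update:
            self.stamps[ip].append(now)  # --update adds a stamp only on a match
        return matched

def update_then_set(syn_times, seconds=60, hitcount=4, ip="203.0.113.7"):
    """Rule order of the first reply: --update ... -j LOG_DROP, then --set."""
    lst, verdicts = RecentList(), []
    for now in syn_times:
        if lst.check(ip, now, seconds, hitcount, update=True):
            verdicts.append("DROP")
        else:
            lst.set(ip, now)  # reached only if the packet was not dropped
            verdicts.append("PASS")
    return verdicts

def set_then_rcheck(syn_times, seconds=120, hitcount=3, ip="203.0.113.7"):
    """Rule order of the second reply: --set, then --rcheck ... -j REJECT."""
    lst, verdicts = RecentList(), []
    for now in syn_times:
        lst.set(ip, now)  # every SYN is recorded, including refused ones
        refused = lst.check(ip, now, seconds, hitcount)
        verdicts.append("REJECT" if refused else "PASS")
    return verdicts

# Constructed timeline: SYN arrival times in seconds from one source address.
TIMELINE = [0, 10, 20, 30, 40, 50, 200]

if __name__ == "__main__":
    print(update_then_set(TIMELINE))
    print(set_then_rcheck(TIMELINE))
```

In this model the first ordering with `--hitcount 4` lets four new connections through and drops the fifth, while the second ordering with `--hitcount 3` lets two through and rejects the third, because `--set` has already counted the current packet.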

