iptables and ssh

jdow jdow at earthlink.net
Tue Jun 13 11:24:59 UTC 2006


From: "Rainer Traut" <tr.ml at gmx.de>

> Hi,
> 
> LC schrieb:
>> Hi,
>> 
>> How do I write the code for iptables to drop IP(s) trying to access ssh 
>> after 3 tries and block it for 10mins?
>> 
>> regards
> 
> sth like this?
> this is from my iptables script, you have to adjust the variables.
> 
> $ipt -A INPUT -m state --state NEW -p tcp --dport 22 \
>   -m recent --name SSH --update --seconds 60 --hitcount 4 -j LOG_DROP
> 
> $ipt -A INPUT -m state --state NEW -p tcp --dport 22 \
>   -m recent --name SSH --set
> 
> Rainer

I do it a little more thoroughly - I log the attempts after timeouts.

# Then setup the reject trap.
# Every new SSH connection (SYN) adds the source address, with a timestamp,
# to the "sshattack" list.
$IPTABLES -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
# Once 3 SYNs from the same source (this one included) have arrived within
# 120 seconds, log the attempt with a recognisable prefix ...
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
  --rcheck --seconds 120 --hitcount 3 -j LOG --log-prefix 'SSH REJECT: '
# ... and reject it with a TCP RST rather than silently dropping it.
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m recent --name sshattack \
  --rcheck --seconds 120 --hitcount 3 -j REJECT --reject-with tcp-reset


{^_^}
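Both rule sets above depend on how the `recent` match (the kernel's xt_recent module) counts timestamps per source address, and the order of `--set` versus `--rcheck`/`--update` decides how many attempts get through before the block kicks in and how long it lasts. The Python simulation below is an added example, not code from this post or from the quoted one: it models the match semantics as implemented in xt_recent (the packet being checked is not yet counted, a match with `--update` records a new timestamp, each address keeps a ring of 20 timestamps by default), replays a constructed burst of SYNs through stand-ins for both chains, and reports the verdict for each attempt. The addresses, timings and the function names `jdow_chain`/`rainer_chain` are all constructed for the example.

```python
"""Replay SSH SYNs through a model of the iptables 'recent' match.

Constructed example: the semantics below follow the kernel's xt_recent
module (--set, --rcheck, --update, --seconds, --hitcount); nothing here
talks to a real firewall.
"""
from collections import deque

RING_SIZE = 20  # xt_recent's default number of timestamps kept per address


class RecentList:
    """One named list (--name) mapping source address -> recent timestamps."""

    def __init__(self, name):
        self.name = name
        self.entries = {}  # src -> deque of timestamps in seconds

    def set(self, src, now):
        # --set: create the entry if missing and record this packet's time
        self.entries.setdefault(src, deque(maxlen=RING_SIZE)).append(now)

    def _hits(self, src, now, seconds, hitcount):
        stamps = self.entries.get(src)
        if stamps is None:
            return False
        # Only timestamps inside the window count; the packet being checked
        # is not in the list yet unless an earlier --set put it there.
        recent = [t for t in stamps if seconds == 0 or now - t <= seconds]
        return len(recent) >= hitcount

    def rcheck(self, src, now, seconds, hitcount):
        # --rcheck: test only, the stored timestamps are left untouched
        return self._hits(src, now, seconds, hitcount)

    def update(self, src, now, seconds, hitcount):
        # --update: like --rcheck, but a match also records a new timestamp
        matched = self._hits(src, now, seconds, hitcount)
        if matched:
            self.entries[src].append(now)
        return matched


def jdow_chain(lst, src, now):
    """Stand-in for the reply's rules: --set, then --rcheck 3 hits/120 s -> REJECT."""
    lst.set(src, now)
    if lst.rcheck(src, now, seconds=120, hitcount=3):
        return "REJECT"
    return "ACCEPT"


def rainer_chain(lst, src, now):
    """Stand-in for the quoted rules: --update 4 hits/60 s -> LOG_DROP, then --set."""
    if lst.update(src, now, seconds=60, hitcount=4):
        return "LOG_DROP"  # dropped packets never reach the --set rule
    lst.set(src, now)
    return "ACCEPT"


def run(chain, attempts):
    """Feed (time, src) SYNs through a chain and return one verdict per SYN."""
    lst = RecentList("sshattack")
    return [chain(lst, src, t) for t, src in attempts]


# Constructed traffic: one client retrying port 22 every 10 s, then silent
# for 200 s, then one more attempt.
BRUTE = [(10 * i, "198.51.100.7") for i in range(6)] + [(250, "198.51.100.7")]

if __name__ == "__main__":
    for name, chain in (("jdow", jdow_chain), ("rainer", rainer_chain)):
        print(name, run(chain, BRUTE))
```

Running it shows the practical difference: with `--set` ahead of `--rcheck`, the third SYN within 120 seconds is already rejected, and because rejected SYNs are still recorded, a client that keeps retrying inside the window stays blocked until it goes quiet for the full 120 seconds. The quoted variant lets four SYNs through and drops from the fifth on; its `--update` match likewise refreshes the entry on every dropped packet. In neither case is the block a fixed 10 minutes as the original question asked: it expires one window after the last attempt, so the `--seconds` value is what to tune.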