From: Norman Yarvin <yarvin@yarchive.net>
To: Dave Taht <dave.taht@gmail.com>
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] BCP38 implementation
Date: Sat, 22 Mar 2014 16:04:24 -0400
Message-ID: <20140322200424.GA11911@muttonhead.home.lan>
In-Reply-To: <CAA93jw5=TppxOGegDZj+xn1uWmY=k-GW0MDxrCFmkWoKv4X_aA@mail.gmail.com>
On Thu, Mar 20, 2014 at 10:38:17AM -0700, Dave Taht wrote:
>An example idea is that I average 2 ssh dictionary attacks/sec on some
>of my boxes, and I'd just as soon start dropping connection attempts
>after X number of tries....
That's not hard to do, via the "recent" iptables module. Here's my
set of custom rules for it. I set up a "throttle" chain to do the
work:
iptables -N throttle
iptables -A throttle -m recent --update --seconds 1200 --hitcount 4 -j DROP
iptables -A throttle -m recent --set
iptables -A throttle -j ACCEPT
Then after a bit of preliminary filtering I forward incoming ssh and
ftp attempts to the "throttle" chain:
iptables -I INPUT -i ge00 -m conntrack --ctstate NEW -p tcp --dport ssh \
-j throttle
iptables -I INPUT -i ge00 -m conntrack --ctstate NEW -p tcp --dport ftp \
-j throttle
--
Norman Yarvin http://yarchive.net/blog
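The "throttle" chain above, modelled in Python as an added example that is not part of Norman's mail: it reproduces the xt_recent matching rules (--update versus --rcheck, --seconds, --hitcount) against constructed NEW-connection attempts from documentation-range addresses, so you can see how many connections a source gets through and why a source that keeps retrying stays blocked. The per-address stamp limit (ip_pkt_list_tot) and its default of 20 are assumptions, as is the inclusive window boundary.

```python
from collections import defaultdict, deque

SECONDS = 1200   # --seconds 1200
HITCOUNT = 4     # --hitcount 4
LIST_TOT = 20    # ip_pkt_list_tot: stamps kept per address (assumed kernel default)


class RecentTable:
    """Per-address timestamp list, as the xt_recent 'DEFAULT' list keeps it."""

    def __init__(self, seconds=SECONDS, hitcount=HITCOUNT,
                 refresh_on_match=True, list_tot=LIST_TOT):
        self.seconds, self.hitcount, self.list_tot = seconds, hitcount, list_tot
        self.refresh_on_match = refresh_on_match   # True: --update, False: --rcheck
        self.stamps = defaultdict(deque)

    def set(self, addr, now):
        """--set: record one more sighting; the oldest stamp falls off the ring."""
        q = self.stamps[addr]
        q.append(now)
        if len(q) > self.list_tot:
            q.popleft()

    def check(self, addr, now):
        """--update/--rcheck --seconds S --hitcount N: match when the address
        already has N stamps inside the last S seconds.  --update additionally
        adds a stamp on a match, which is what keeps a persistent source out."""
        if addr not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[addr] if now - t <= self.seconds)
        if hits < self.hitcount:
            return False
        if self.refresh_on_match:
            self.set(addr, now)
        return True


def throttle(table, addr, now):
    """Walk the 'throttle' chain for one NEW connection; return its verdict."""
    if table.check(addr, now):   # -m recent --update --seconds 1200 --hitcount 4 -j DROP
        return "DROP"
    table.set(addr, now)         # -m recent --set
    return "ACCEPT"              # -j ACCEPT


def run(events, **table_opts):
    """events: (time_in_seconds, source_address) NEW connections, in arrival order."""
    table = RecentTable(**table_opts)
    return [throttle(table, addr, t) for t, addr in events]
```

Note that the chain counts NEW connections, not failed logins, so a legitimate user who opens a fifth ssh session within 20 minutes is dropped too; with --rcheck in place of --update (refresh_on_match=False) the block lapses once the original stamps age out, whereas --update keeps a source that retries every few minutes blocked indefinitely.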