[Cerowrt-devel] BCP38 implementation
Norman Yarvin
yarvin at yarchive.net
Sat Mar 22 16:04:24 EDT 2014
On Thu, Mar 20, 2014 at 10:38:17AM -0700, Dave Taht wrote:
> An example idea is that I average 2 ssh dictionary attacks/sec on some
> of my boxes, and I'd just as soon start dropping connection attempts
> after X number of tries....
That's not hard to do, via the "recent" iptables module. Here's my
set of custom rules for it. I set up a "throttle" chain to do the
work:
iptables -N throttle
iptables -A throttle -m recent --update --seconds 1200 --hitcount 4 -j DROP
iptables -A throttle -m recent --set
iptables -A throttle -j ACCEPT
Then after a bit of preliminary filtering I forward incoming ssh and
ftp attempts to the "throttle" chain:
iptables -I INPUT -i ge00 -m conntrack --ctstate NEW -p tcp --dport ssh \
-j throttle
iptables -I INPUT -i ge00 -m conntrack --ctstate NEW -p tcp --dport ftp \
-j throttle
--
Norman Yarvin http://yarchive.net/blog
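A small Python model of what the "throttle" chain above decides for a stream of NEW connections, added here as an example (not code from the post). It assumes my reading of xt_recent's semantics: the --update check counts only stamps recorded before the current packet, so with --hitcount 4 the fifth attempt inside the 1200-second window is the first one dropped, and every dropped attempt refreshes the window.

```python
# Added model (not the post's code) of the "recent" module as used in the
# throttle chain; assumes, from my reading of xt_recent, that --update and
# --rcheck count stamps recorded before the current packet, that --update
# appends a stamp only on a match, and that --set always appends.
from collections import defaultdict, deque

MAX_STAMPS = 20  # per-address ring size (xt_recent ip_pkt_list_tot default)

class RecentTable:
    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=MAX_STAMPS))

    def set(self, addr, now):
        """-m recent --set: record this packet's time; always matches."""
        self.stamps[addr].append(now)
        return True

    def update(self, addr, now, seconds, hitcount):
        """-m recent --update --seconds S --hitcount N: match if the address
        is listed and at least N recorded stamps fall within the last S
        seconds; a match also records this packet, extending the block."""
        if addr not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[addr] if t >= now - seconds)
        if hits < hitcount:
            return False
        self.stamps[addr].append(now)
        return True

def throttle(table, addr, now, seconds=1200, hitcount=4):
    """The three rules of the 'throttle' chain, for one NEW connection."""
    if table.update(addr, now, seconds, hitcount):
        return "DROP"
    table.set(addr, now)
    return "ACCEPT"

def run(attempts, seconds=1200, hitcount=4):
    """attempts: list of (time_in_seconds, src_addr) -> list of verdicts."""
    table = RecentTable()
    return [throttle(table, a, t, seconds, hitcount) for t, a in attempts]

if __name__ == "__main__":
    # Constructed sample: one source hammering ssh, one ordinary client.
    sample = [(0, "203.0.113.7"), (1, "203.0.113.7"), (2, "203.0.113.7"),
              (3, "203.0.113.7"), (4, "203.0.113.7"), (5, "198.51.100.9"),
              (600, "203.0.113.7"), (1900, "203.0.113.7")]
    for (t, a), v in zip(sample, run(sample)):
        print(f"t={t:5d} {a:14s} {v}")  # fifth attempt from .7 is the first DROP
```

Note that the ordering matters: because the --update rule runs before --set, the current packet is not counted, whereas putting --set first would drop the fourth attempt instead.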