[plug] firewalling ssh
Shannon Carver
shannon.carver at gmail.com
Mon Jan 8 15:41:52 WST 2007
How about:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
--set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
--update --seconds 60 --hitcount 4 -j DROP
This block anything after the 3rd hit from an IP within 60 seconds.
-----Original Message-----
From: plug-bounces at plug.org.au [mailto:plug-bounces at plug.org.au] On Behalf
Of Tim Bowden
Sent: Monday, 8 January 2007 3:32 PM
To: plug
Subject: [plug] firewalling ssh
Hi all,
I'm trying to protect a debian box from ssh attacks. I need to be able
to ssh in from anywhere so I need to keep port 22 open. What I would
like to do though is drop connection requests from any address that
attempts to connect more than three or four times in less than a minute.
Any ideas on how to do it? What I'd like to do is an iptables rule that
does rate limiting syn packets per each source address but I don't
believe that's possible (at least out of the box).
Regards,
Tim Bowden
_______________________________________________
PLUG discussion list: plug at plug.org.au
http://www.plug.org.au/mailman/listinfo/plug
Committee e-mail: committee at plug.linux.org.au
More information about the plug
mailing list