This shows you the differences between two versions of the page.
Old revision: iptables [2009/07/02 18:46] k2patel created
New revision: iptables [2020/08/10 02:35]

Every line below is marked as removed in the diff: the content of the 2009 revision is no longer present in the 2020 revision. That 2009 content follows.
====== IPTABLES ======
Stateful and powerful firewall.\\

==== Enable for SSH Bruteforce Prevention ====
This is not a 100% proof setup, because it does not look at the result of authentication.\\
It only counts new TCP connections to port 22 per source address (the recent match), so an attacker hammering one address is slowed down, but a legitimate user opening many sessions in a short time can be blocked too, and an attacker spread over many source addresses is not slowed at all.\\
The tracked addresses can be inspected in /proc/net/xt_recent/SSH (/proc/net/ipt_recent/SSH on older kernels) and the list can be emptied with: echo clear > /proc/net/xt_recent/SSH\\
The rules below only drop; connections that are not dropped fall through to the rest of INPUT, so add an ACCEPT for port 22 after the jump to BRTBLK unless your INPUT policy is already ACCEPT.\\

=== Simple Rules ===
<code bash>
iptables -N BRTBLK
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j BRTBLK
iptables -A BRTBLK -m recent --set --name SSH
iptables -A BRTBLK -m recent --update --seconds 45 --hitcount 5 --name SSH -j DROP
</code>

=== Rules With Exceptions ===
Replace <Exception> with your source address or network (CIDR notation works).\\
Repeat the ACCEPT rule once per address you want to exempt. It must come before the jump to BRTBLK, otherwise the exempted address is still counted and eventually dropped.

<code bash>
iptables -N BRTBLK
iptables -A INPUT -p tcp --dport 22 -s <Exception> -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j BRTBLK
iptables -A BRTBLK -m recent --set --name SSH
iptables -A BRTBLK -m recent --update --seconds 45 --hitcount 5 --name SSH -j DROP
</code>

=== Rules to Log Blocked IPs ===
The LOG rule uses exactly the same match as the DROP rule and sits directly in front of it (DROP ends traversal, so the order cannot be reversed). Each dropped attempt then shows up in the kernel log (dmesg, journalctl -k or /var/log/kern.log) as a line starting with "Bad IP : " followed by the usual IN=/SRC=/DST=/DPT= fields.

<code bash>
iptables -N BRTBLK
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j BRTBLK
iptables -A BRTBLK -m recent --set --name SSH
iptables -A BRTBLK -m recent --update --seconds 45 --hitcount 5 --name SSH -j LOG --log-level info --log-prefix "Bad IP : "
iptables -A BRTBLK -m recent --update --seconds 45 --hitcount 5 --name SSH -j DROP
</code>
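The three rule sets above are variants of one procedure. As an added example (my script, not code from the original page), here is a POSIX sh script that builds the complete version in the right order: exemptions first, then the BRTBLK chain with LOG before DROP, then an explicit ACCEPT for port 22, plus a small summariser for the "Bad IP : " log lines the LOG rule produces. It keeps the page's names BRTBLK, SSH and the "Bad IP : " prefix; everything else is my assumption: it uses -m conntrack --ctstate NEW (the current spelling of -m state --state NEW), an IPTABLES variable so you can dry-run as a non-root user, and the sample log lines are constructed, not captured from a real host.

```sh
#!/bin/sh
# Added example, not from the original page. Builds the full SSH rate-limit
# ruleset (exceptions, BRTBLK chain with LOG and DROP, explicit ACCEPT) and
# summarises the resulting kernel log lines. Assumed by me: the IPTABLES
# override for dry runs and -m conntrack instead of the page's -m state.

CHAIN=BRTBLK
LIST=SSH
WINDOW=45                 # seconds
HITS=5                    # new connections per WINDOW before a source is dropped
LOG_PREFIX="Bad IP : "
IPTABLES="${IPTABLES:-iptables}"

# Print the iptables commands, one per line. Arguments: zero or more source
# addresses or networks to exempt. The ordering is the whole point:
#   1. exemptions ACCEPT before the jump, or they would still be counted;
#   2. --set records the attempt before --update checks the count;
#   3. LOG comes before DROP, because DROP ends chain traversal;
#   4. a final ACCEPT so allowed attempts do not depend on the INPUT policy.
ssh_bruteforce_rules() {
    echo "$IPTABLES -N $CHAIN 2>/dev/null || true"   # tolerate an existing chain
    echo "$IPTABLES -F $CHAIN"                        # and start it empty (idempotent)
    for src in "$@"; do
        echo "$IPTABLES -A INPUT -p tcp --dport 22 -s $src -j ACCEPT"
    done
    echo "$IPTABLES -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j $CHAIN"
    echo "$IPTABLES -A $CHAIN -m recent --set --name $LIST"
    # --update matches once the source has HITS entries within WINDOW seconds and
    # refreshes its timestamp, so a client that keeps retrying stays blocked until
    # it has been quiet for WINDOW seconds.
    echo "$IPTABLES -A $CHAIN -m recent --update --seconds $WINDOW --hitcount $HITS --name $LIST -j LOG --log-level info --log-prefix \"$LOG_PREFIX\""
    echo "$IPTABLES -A $CHAIN -m recent --update --seconds $WINDOW --hitcount $HITS --name $LIST -j DROP"
    echo "$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT"
}

# Run the generated commands. Needs root unless IPTABLES="echo iptables".
apply_rules() {
    ssh_bruteforce_rules "$@" | while IFS= read -r cmd; do
        eval "$cmd"
    done
}

# Count dropped attempts per source from kernel log lines on stdin
# (dmesg, journalctl -k, /var/log/kern.log). Output "<count> <ip>", highest first.
blocked_ip_summary() {
    awk -v prefix="$LOG_PREFIX" '
        index($0, prefix) {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) hits[substr($i, 5)]++
        }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -rn
}

# Constructed sample of what the LOG target writes (not captured from a real host).
SAMPLE_LOG='Jul  2 18:46:01 host kernel: Bad IP : IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Jul  2 18:46:03 host kernel: Bad IP : IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=40002 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Jul  2 18:46:09 host kernel: Bad IP : IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=913 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jul  2 18:46:10 host sshd[1234]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2'

# Usage: sh ssh-bruteforce.sh apply [exception ...]   (as root, or with IPTABLES="echo iptables")
#        sh ssh-bruteforce.sh summary < /var/log/kern.log
#        sh ssh-bruteforce.sh demo                     (dry run plus summary of SAMPLE_LOG)
case "${1:-}" in
    apply)   shift; apply_rules "$@" ;;
    summary) blocked_ip_summary ;;
    demo)    IPTABLES="echo iptables"; apply_rules 192.0.2.10
             printf '%s\n' "$SAMPLE_LOG" | blocked_ip_summary ;;
esac
```

Run it with "demo" first: the dry run prints the nine commands so you can check the order before applying anything, and the summary shows how the LOG output is meant to be read (two hits from 203.0.113.5, one from 198.51.100.77, the sshd line ignored). The -N line tolerates an existing chain and -F empties it, so re-running "apply" after editing the exemptions does not duplicate rules inside BRTBLK; the INPUT rules it appends are not deduplicated, so flush those yourself if you re-run on a live box.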