iptables [2011/09/22 00:18] k2patel
iptables [2011/09/22 02:05] k2patel [xt_recent]
Line 72: | Line 72: | ||
In order to make ssh bruteforce protection working please use following rules. | In order to make ssh bruteforce protection working please use following rules. | ||
+ | <code bash> | ||
+ | :SSH - [0:0] | ||
+ | :BRTBLK - [0:0] | ||
+ | |||
+ | -A INPUT -p tcp -m multiport --dports 21,22 -m recent --update --seconds 8600 --name SSH_BAN --rsource -j DROP | ||
+ | -A INPUT -p tcp -m multiport --dports 21,22 -m state --state NEW -j BRTBLK | ||
+ | |||
+ | -A SSH -m limit --limit 5/min -j LOG --log-prefix "BAD IP: " --log-level 4 | ||
+ | -A SSH -m recent --set --name SSH_BAN --rsource -j DROP | ||
+ | |||
+ | -A BRTBLK -m recent --set --name BRT --rsource | ||
+ | -A BRTBLK -m recent --update --seconds 600 --hitcount 16 --name BRT --rsource -j SSH | ||
+ | -A BRTBLK -m recent --update --seconds 60 --hitcount 4 --name BRT --rsource -j SSH | ||
+ | -A BRTBLK -j ACCEPT | ||
+ | </code> | ||
+ | |||
+ | Now try to login to box 4 times quickly to test. |
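Review bot: the DROP rule on the `-A INPUT -p tcp -m multiport --dports 21,22 -m recent --update --seconds 8600 --name SSH_BAN` line refreshes the address's last-seen timestamp on every packet it drops, so the 8600-second window is measured from the most recent attempt rather than from when the ban was applied; a client that keeps retrying (including an administrator who has locked themselves out) stays banned for as long as it keeps connecting. If a fixed ban length is intended, use `--rcheck --seconds 8600` there instead of `--update`, and consider an ACCEPT for trusted management addresses placed before the `-j BRTBLK` jump so the hitcount rules in BRTBLK cannot ban them. It is also worth documenting that the multiport match counts NEW connections to ports 21 and 22 together, so FTP sessions contribute to the 4-in-60s and 16-in-600s SSH thresholds, and that the block is in iptables-save/iptables-restore format (the `:SSH - [0:0]` and `:BRTBLK - [0:0]` chain declarations) rather than a list of `iptables` commands to run one by one.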