iptables
This is an old revision of the document!
IPTABLES
Statefull and Powerfull Firewall.
Enable for SSH Bruteforce Prevention
This is not a 100% proof setup as it does not block based on the result of authentication.
It just work based on connection.
Simple Rules
iptables -N BRTBLK iptables -A INPUT -p tcp --dport 22 -m state –state NEW -j BRTBLK iptables -A BRTBLK -m recent –set –name SSH iptables -A BRTBLK -m recent –update –seconds 45 –hitcount 5 –name SSH -j DROP
Rules With Exceptions
Replace <Exception> with your IP.
You can use multiple rules with diff. IP to allow exceptions.
iptables -N BRTBLK iptables -A INPUT -p tcp –dport 22 -s <Exception> -j ACCEPT iptables -A INPUT -p tcp --dport 22 -m state –state NEW -j BRTBLK iptables -A BRTBLK -m recent –set –name SSH iptables -A BRTBLK -m recent –update –seconds 45 –hitcount 5 –name SSH -j DROP
Rules to Log Bloked IP
iptables -N BRTBLK iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j BRTBLK iptables -A BRTBLK -m recent --set --name SSH iptables -A BRTBLK -m recent --update --seconds 45 --hitcount 5 --name SSH -j LOG --log-level info --log-prefix "Bad IP : " iptables -A BRTBLK -m recent --update --seconds 45 --hitcount 5 --name SSH -j DROP
iptables.1265320325.txt.gz · Last modified: 2020/08/10 02:30 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
