[Lilug] iptables to limit ssh connections to 4 a minute
Jörg Kewisch
jorg at mellifera.buzz
Tue Jan 12 20:27:18 PST 2021
This was given to me by Mark Davis from the Tidewater Unix User Group (TWUUG.ORG). A fancier method is
sshguard. I have not tried that yet.
blackbird:~> cat /etc/rc.local
# Added by Mark A. Davis
# Use iptables to slow the amount of connections by the same ipaddress
# to sshd. When the attacker reaches 4 hit counts it will be blocked
# for 60 seconds before resetting. If the attacker keeps attacking
# before the 60 seconds are up it will reset the time limit to
# another 60 seconds.
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "sshd_brute_force_block "
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP
blackbird:~>
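As an added illustration (not part of Mark Davis's script or of the kernel's xt_recent code), here is a small Python model of how the three --set/--update rules above treat a stream of NEW SSH connections: a source that reaches 4 hits within 60 seconds is dropped, every further attempt while blocked refreshes the window, and the block lapses only after 60 seconds of silence. The timeline and addresses are constructed, and --rttl is not modelled.

```python
from collections import deque

SECONDS = 60     # --seconds 60
HITCOUNT = 4     # --hitcount 4
LIST_TOT = 20    # xt_recent keeps at most ip_pkt_list_tot (default 20) stamps per address


class RecentTable:
    """Model of one xt_recent list (the --name SSH table): per-source timestamps."""

    def __init__(self):
        self.entries = {}  # src -> deque of timestamps (seconds), oldest first

    def set(self, src, now):
        # --set: create the entry if needed and record this packet as a hit.
        self.entries.setdefault(src, deque(maxlen=LIST_TOT)).append(now)
        return True

    def update(self, src, now, seconds=SECONDS, hitcount=HITCOUNT):
        # --update --seconds N --hitcount H: match if this source already has
        # at least H hits within the last N seconds; on a match, record this
        # packet as another hit, which is what keeps a persistent attacker blocked.
        stamps = self.entries.get(src)
        if stamps is None:
            return False
        hits = sum(1 for t in stamps if now - t <= seconds)
        if hits >= hitcount:
            stamps.append(now)
            return True
        return False


def ssh_chain(table, src, now):
    """Walk the three rc.local rules for one NEW SYN; returns 'DROP' or 'ACCEPT'."""
    table.set(src, now)              # rule 1: -m recent --set (no target, always continues)
    table.update(src, now)           # rule 2: -j LOG is non-terminating, but still counts a hit
    if table.update(src, now):       # rule 3: -j DROP
        return "DROP"
    return "ACCEPT"                  # here "accept" means: falls through to the rest of INPUT


def simulate(attempts):
    """attempts: list of (time_in_seconds, source_ip), constructed sample data."""
    table = RecentTable()
    return [ssh_chain(table, src, t) for t, src in attempts]


ATTEMPTS = [  # constructed timeline; addresses are documentation ranges, not real hosts
    (0, "203.0.113.7"), (5, "203.0.113.7"), (10, "203.0.113.7"),
    (12, "198.51.100.4"),   # an unrelated client: separate entry, unaffected
    (15, "203.0.113.7"),    # 4th hit inside 60 s -> DROP
    (70, "203.0.113.7"),    # keeps knocking: extra stamps at t=15 still count -> DROP
    (140, "203.0.113.7"),   # more than 60 s since the last hit -> allowed again
]

if __name__ == "__main__":
    for (t, src), verdict in zip(ATTEMPTS, simulate(ATTEMPTS)):
        print(f"t={t:3d}s {src:14s} {verdict}")
```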
--
Jörg Kewisch
jorg at mellifera.buzz