Difference between revisions of "IPtables SSH Brute Force"

Line 4: Line 4:
  
 
$IPT -N SSH
 
$IPT -N SSH
$IPT -N SSH_ABL<br>$IPT -A SSH -m recent --name SSH_ABL --update --seconds 3600 -j REJECT
+
$IPT -N SSH_ABL
 +
$IPT -A SSH -m recent --name SSH_ABL --update --seconds 3600 -j REJECT
 
$IPT -A SSH -m recent --name SSH --rcheck --seconds 60 --hitcount 5 -j SSH_ABL
 
$IPT -A SSH -m recent --name SSH --rcheck --seconds 60 --hitcount 5 -j SSH_ABL
 
$IPT -A SSH_ABL -m recent --name SSH_ABL --set -j LOG --log-level warn --log-prefix "ABL: +SSH: "
 
$IPT -A SSH_ABL -m recent --name SSH_ABL --set -j LOG --log-level warn --log-prefix "ABL: +SSH: "
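Review bot: The new `$IPT -A SSH -m recent --name SSH_ABL --update --seconds 3600 -j REJECT` line carries no comment explaining that `--update` refreshes the last-seen timestamp on every match, so a listed source is not released one hour after being listed but one hour after its last attempt; a retrying attacker stays blocked indefinitely while a one-off mistake clears after an hour of silence. I would add above it `# Blacklisted sources are rejected until quiet for a full hour (--update refreshes the timer on every hit)`. The preceding `$IPT -N SSH_ABL` fails if the chain already exists from an earlier run, and the rest of the script, which continues outside this hunk, then appends duplicate rules to the existing chains; deleting the chains before re-applying, or aborting on the first failed call, would avoid that.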

Revision as of 17:32, 6 December 2008

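#!/bin/bash
#
# SSH brute-force throttling and auto-blacklisting with iptables + xt_recent.
#
# Each NEW TCP connection to port 22 is sent from INPUT to the SSH chain:
#   1. Sources on the SSH_ABL list seen within the last 3600 s are rejected.
#      --update refreshes the last-seen time on every match, so a source stays
#      blocked until it has been quiet for a full hour, not an hour after listing.
#   2. A source with 5 or more hits on the SSH list inside 60 s jumps to
#      SSH_ABL, which adds it to the SSH_ABL list, logs ("ABL: +SSH: ") and rejects.
#   3. A second new connection within 2 s from the same source is logged
#      ("RATE: ") and rejected; --update again refreshes the timer.
#   4. Anything else is dropped from the SSH_ABL list if present (logged
#      "ABL: -SSH: "), recorded on the SSH list and accepted.
#
# Operator notes:
#   * `-N` fails when a chain already exists; under `set -e` the script then
#     stops instead of appending duplicate rules. Remove the INPUT jump and
#     flush/delete SSH and SSH_ABL before re-applying.
#   * xt_recent lists are bounded (ip_list_tot, 100 entries by default, least
#     recently seen evicted), so blacklist entries can be pushed out under a
#     distributed flood.
#   * The LOG rules are not rate limited; a connection flood also floods the
#     kernel log. TODO: add `-m limit` in front of each `-j LOG`.
#   * `-m state --state NEW` is the legacy spelling of
#     `-m conntrack --ctstate NEW`; both are accepted by current iptables.

# Abort on the first failing iptables call so a half-built chain is never
# wired into INPUT.
set -eu

IPT=/sbin/iptables
readonly IPT

# Chains: SSH does the per-connection checks, SSH_ABL records and rejects.
"$IPT" -N SSH
"$IPT" -N SSH_ABL

# 1. Already blacklisted (seen within the last hour): refresh timer and reject.
"$IPT" -A SSH -m recent --name SSH_ABL --update --seconds 3600 -j REJECT

# 2. Brute-force threshold: 5 hits within 60 s on the SSH list -> blacklist.
"$IPT" -A SSH -m recent --name SSH --rcheck --seconds 60 --hitcount 5 -j SSH_ABL
"$IPT" -A SSH_ABL -m recent --name SSH_ABL --set -j LOG --log-level warn --log-prefix "ABL: +SSH: "
"$IPT" -A SSH_ABL -j REJECT

# 3. Rate limit: more than one new connection per 2 s is logged and rejected.
"$IPT" -A SSH -m recent --name SSH --rcheck --seconds 2 -j LOG --log-level warn --log-prefix "RATE: "
"$IPT" -A SSH -m recent --name SSH --update --seconds 2 -j REJECT

# 4. Well-behaved source: clear any stale blacklist entry, record the hit, accept.
"$IPT" -A SSH -m recent --name SSH_ABL --remove -j LOG --log-level warn --log-prefix "ABL: -SSH: "
"$IPT" -A SSH -m recent --name SSH --set -j ACCEPT

# Hook the SSH chain into INPUT for new TCP connections to port 22.
"$IPT" -A INPUT -m state --state NEW -p tcp -m tcp --dport 22 -j SSH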