There is a really useful article on doing this
Debian Administration, Using iptables to rate-limit incoming connections
but
it seems there is a problem on Debian Sarge boxes:--seconds & --hitcount parameters of the recent module don’t work in the same iptables line.
This is how i changed my configuration:
iptables -N denylog
iptables -A denylog -m limit -j LOG
iptables -A denylog -j DROP
iptables -N SSH_BRUTE
iptables -I FORWARD -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -I FORWARD -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 20 --name SSH -j SSH_BRUTE
iptables -I SSH_BRUTE -p tcp --dport 22 -m state --state NEW -m recent --update --hitcount 3 --name SSH -j denylog
The result is not the same of the article (max 3 connection attemps every minute), but is similar ant it works this way:
– accept the first 3 connection in the first 20 seconds
– any other connection is allowed only at the rate of 1 every 20 seconds
In the average are 3 connection accepted every 60 seconds.
Rispondi a mr.wolf Annulla risposta