{"id":28,"date":"2006-01-13T18:20:36","date_gmt":"2006-01-13T17:20:36","guid":{"rendered":"http:\/\/www.sprawl.it\/ian\/?p=28"},"modified":"2006-02-06T22:36:20","modified_gmt":"2006-02-06T21:36:20","slug":"using-iptables-to-rate-limit-incoming-connections","status":"publish","type":"post","link":"https:\/\/www.sprawl.it\/blog\/2006\/01\/13\/using-iptables-to-rate-limit-incoming-connections\/","title":{"rendered":"iptables to rate-limit SSH incoming connections"},"content":{"rendered":"

There is a really useful article on doing this
\nDebian Administration, Using iptables to rate-limit incoming connections<\/a><\/p>\n

but<\/p>\n

it seems there is a problem on Debian Sarge <\/a>boxes:--seconds & --hitcount
\n<\/code> parameters of the recent module don’t work in the same iptables line.
\nThis is how i changed my configuration:
\niptables -N denylog
\niptables -A denylog -m limit -j LOG
\niptables -A denylog -j DROP
\niptables -N SSH_BRUTE
\niptables -I FORWARD -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
\niptables -I FORWARD -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 20 --name SSH -j SSH_BRUTE
\niptables -I SSH_BRUTE -p tcp --dport 22 -m state --state NEW -m recent --update --hitcount 3 --name SSH -j denylog
\n<\/code>
\nThe result is not the same of the article (max 3 connection attemps every minute), but is similar ant it works this way:
\n– accept the first 3 connection in the first 20 seconds
\n– any other connection is allowed only at the rate of 1 every 20 seconds
\nIn the average are 3 connection accepted every 60 seconds.
\n<\/p>\n","protected":false},"excerpt":{"rendered":"

There is a really useful article on doing this Debian Administration, Using iptables to rate-limit incoming connections but it seems there is a problem on Debian Sarge boxes:–seconds & –hitcount parameters of the recent module don’t work in the same iptables line. This is how i changed my configuration: iptables -N denylog iptables -A denylog […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[2],"tags":[],"class_list":["post-28","post","type-post","status-publish","format-standard","hentry","category-it"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7cMxL-s","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/posts\/28","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/comments?post=28"}],"version-history":[{"count":0,"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/posts\/28\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/media?parent=28"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/categories?post=28"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/tags?post=28"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}