blocking brute force attempts using iptables
I have a ruleset which works for blocking brute force attempts on port 21, but I'm not sure how to open port 21 without excluding the rules, i.e.:
# default
$IPTABLES -P INPUT DROP
# when this rule is enabled it doesn't go any further since it's a match, so how do I get it to allow the port to be open, but also run through the brute force tables?
$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT
$IPTABLES -N FTP2
$IPTABLES -N FTPBF
$IPTABLES -N FTPNEW
$IPTABLES -A FTP2 -p tcp -m tcp --dport 21 -m state --state NEW -j FTPNEW
$IPTABLES -A FTP2 -m recent --set --name FTPBLOCK --rsource
$IPTABLES -A FTP2 -j LOG --log-prefix "FTP BRUTE FORCE: " --log-level 6
$IPTABLES -A FTP2 -j DROP
$IPTABLES -A FTPBF -p tcp -m tcp --dport 21 -j DROP
$IPTABLES -A FTPNEW -m recent --rcheck --name FTPBLOCK --rsource -j FTPBF
$IPTABLES -A FTPNEW -m recent --set --name FTP --rsource
$IPTABLES -A FTPNEW -m recent --update --seconds 120 --hitcount 6 --name FTP --rsource -j FTP2
--
Best Regards,
Stephen
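The following is an added illustration, not Stephen's ruleset and not a reply from the list. It keeps the three chains from the post but changes the INPUT ordering: NEW connections to port 21 are handed to FTPNEW first, and the ACCEPT comes after, so a connection is only accepted once the counting chains have let it through. The ESTABLISHED,RELATED rule, the rate limit on the LOG rule, the BAN_SECONDS expiry on the block check, and the --dry-run/--apply switches are assumptions added for the example; the 6-hits-in-120-seconds threshold is taken from the post.

```shell
#!/bin/sh
# Added example (not the original poster's rules): same FTPNEW/FTPBF/FTP2 chains,
# but INPUT routes NEW port-21 connections through FTPNEW *before* the ACCEPT rule.
# Assumptions: IPTABLES can be overridden (IPTABLES=echo gives a dry run),
# a ban expires after BAN_SECONDS, and the LOG rule is rate-limited.
IPTABLES="${IPTABLES:-iptables}"
WINDOW=120        # seconds the attempt counter looks back over (from the post)
HITS=6            # NEW connections within WINDOW that trigger a ban (from the post)
BAN_SECONDS=3600  # how long a banned source stays blocked (added assumption)

ftp_bruteforce_rules() {
    # Create the user chains (ignore "already exists" on re-runs) and empty them.
    for chain in FTPNEW FTPBF FTP2; do
        $IPTABLES -N "$chain" 2>/dev/null || true
        $IPTABLES -F "$chain"
    done

    # FTP2: remember the source in the FTPBLOCK table, log (rate-limited), drop.
    $IPTABLES -A FTP2 -m recent --set --name FTPBLOCK --rsource
    $IPTABLES -A FTP2 -m limit --limit 5/min -j LOG --log-prefix "FTP BRUTE FORCE: " --log-level 6
    $IPTABLES -A FTP2 -j DROP

    # FTPBF: drop port-21 traffic from a source that is already banned.
    $IPTABLES -A FTPBF -p tcp --dport 21 -j DROP

    # FTPNEW: banned sources first, then record this attempt, then test the threshold.
    # --seconds on the --rcheck makes the ban expire instead of lasting until the
    # entry is evicted from the recent table.
    $IPTABLES -A FTPNEW -m recent --rcheck --seconds "$BAN_SECONDS" --name FTPBLOCK --rsource -j FTPBF
    $IPTABLES -A FTPNEW -m recent --set --name FTP --rsource
    $IPTABLES -A FTPNEW -m recent --update --seconds "$WINDOW" --hitcount "$HITS" --name FTP --rsource -j FTP2

    # INPUT: default deny, keep established sessions, then the ordering that matters.
    # A NEW port-21 packet goes to FTPNEW; if no rule there drops it, the jump returns
    # to INPUT and the packet falls through to the ACCEPT on the next rule.
    $IPTABLES -P INPUT DROP
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 21 -m state --state NEW -j FTPNEW
    $IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT
}

case "${1:-}" in
    --apply)   ftp_bruteforce_rules ;;
    --dry-run) IPTABLES=echo; ftp_bruteforce_rules ;;
    *)         echo "usage: $0 --dry-run | --apply" >&2 ;;
esac
```

The point of the ordering is that `-j FTPNEW` is a jump into a user chain, not a verdict: when the packet reaches the end of FTPNEW without hitting DROP, processing returns to INPUT at the rule after the jump, which is the ACCEPT. Putting the ACCEPT first, as in the post, means FTPNEW is never consulted. Run with `--dry-run` to see the rule list before loading it. Passive-mode FTP data connections only count as RELATED when the nf_conntrack_ftp helper is loaded.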