Interested in trying this, but can't seem to get it to work. I see packets hitting the --set --name SSH rule, but the drop following it never sees any packets (using iptables -L -n -v). Seems like it should work; looks like I've got all the modules loaded that I need...

phil

Ritesh Raj Sarraf said:
> Another solution besides using DenyHosts is to use the following set of
> iptables commands. (Courtesy: A friend who constantly monitors this list
> but wants to remain anonymous)
>
> ## create denylog chain
> iptables -N denylog
> iptables -A denylog -j LOG
> iptables -A denylog -j DROP
>
> ## SSH Bruteforce
> iptables -N SSH_WHITELIST
> iptables -A SSH_WHITELIST -s 10.0.1.0/24 -m recent --remove --name SSH -j ACCEPT
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j denylog
>
> Creates a whitelist of one or more networks. All others are subject to
> inspection. More than 4 hits within 60 seconds are denied. In case of 60
> seconds without a hit, this rule is automatically cleared again. That's
> the magic of the "recent"-module of iptables. It works for me - and it's
> very useful!
>
> Thanks,
>
> rrs

--
phil
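To make the recent-module bookkeeping behind the quoted rules concrete, here is an added Python model of the SSH list (not code from the list post or from iptables itself). It assumes the kernel's xt_recent defaults (20 stamps kept per source address), does not model --rttl, and walks the three INPUT rules for each NEW port-22 connection from a constructed event list; it shows that the fourth connection inside the 60-second window is the one the --update rule sends to denylog, and that a quiet minute clears the source again.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW_SECONDS = 60        # --seconds 60
HITCOUNT = 4               # --hitcount 4
MAX_STAMPS = 20            # assumed kernel default ip_pkt_list_tot
WHITELIST = ipaddress.ip_network("10.0.1.0/24")  # SSH_WHITELIST source


class RecentTable:
    """Simplified model of one xt_recent list (here: --name SSH)."""

    def __init__(self):
        # src address -> timestamps of hits, oldest dropped past MAX_STAMPS
        self.entries = defaultdict(lambda: deque(maxlen=MAX_STAMPS))

    def set(self, src, now):                # -m recent --set
        self.entries[src].append(now)

    def remove(self, src):                  # -m recent --remove
        self.entries.pop(src, None)

    def update(self, src, now):             # --update --seconds --hitcount
        stamps = self.entries.get(src)
        if stamps is None:
            return False                    # unknown source: no match
        hits = sum(1 for t in stamps if now - t <= WINDOW_SECONDS)
        if hits < HITCOUNT:
            return False                    # fewer than 4 hits in window
        stamps.append(now)                  # matched: refresh last-seen
        return True


def input_chain(table, src, now):
    """Walk the three INPUT rules for a NEW SSH connection; return verdict."""
    table.set(src, now)                             # rule 1: --set --name SSH
    if ipaddress.ip_address(src) in WHITELIST:      # rule 2: -j SSH_WHITELIST
        table.remove(src)
        return "ACCEPT"
    if table.update(src, now):                      # rule 3: --update -> denylog
        return "DROP"
    return "PASS"  # falls through to the rest of INPUT (sshd gets the SYN)


def simulate(events):
    """events: constructed list of (seconds, src) NEW SSH connections."""
    table = RecentTable()
    return [input_chain(table, src, t) for t, src in events]


if __name__ == "__main__":
    probe = [(t, "192.0.2.10") for t in (0, 10, 20, 30, 100)]  # constructed
    print(simulate(probe))   # ['PASS', 'PASS', 'PASS', 'DROP', 'PASS']
```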