Michelle Konzack wrote at 2012-08-19 13:40 -0500:

> Oops... I have locked myself out!
>
> Am I right that this DROPs connections from any IP address if there are
> more than 3 at the same time?
>
> My automated scripts and several 100 embedded security systems hit the
> limits.

Using the recent module, you can limit the number of new connection
attempts per IP address in n seconds. The following (not tested) allows
only 8 new connection attempts per source IP address in 5 minutes.

# user chains: one for the accounting, one for the rejected traffic
iptables -N SSH_CHECK
iptables -N SSH_REJECTED

# every NEW SSH connection goes through SSH_CHECK; the rest of a session is accepted
iptables -A INPUT -p tcp --dport ssh --match state --state NEW -j SSH_CHECK
iptables -A INPUT -p tcp --dport ssh --match state --state RELATED,ESTABLISHED -j ACCEPT

# record the source address in the "SSH" list, send it to SSH_REJECTED once it has
# been seen 8 times within 300 seconds, otherwise accept
iptables -A SSH_CHECK -p tcp --match recent --name SSH --set
iptables -A SSH_CHECK -p tcp --match recent --name SSH --update --seconds 300 --hitcount 8 -j SSH_REJECTED
iptables -A SSH_CHECK -p tcp -j ACCEPT

# log rejected attempts (at most one line per second) and drop them
iptables -A SSH_REJECTED -p tcp --match limit --limit 1/second -j LOG --log-prefix "Rejected-ssh_ " --log-level notice
iptables -A SSH_REJECTED -p tcp -j DROP
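Added illustration, not code from the thread: a small Python model of what the kernel's recent module does with the --set / --update --seconds 300 --hitcount 8 pair in the reply above, so you can see how many NEW connections a single host really gets through, and how retries extend the block, before putting such numbers on a live box. It assumes the module's default 20-stamp ring per address and that --update records a new stamp only when it matches (the behaviour of xt_recent in the kernel); the addresses and timestamps are constructed.

```python
"""Model of the xt_recent accounting behind the SSH_CHECK chain (added example)."""
from collections import defaultdict, deque

WINDOW = 300      # --seconds 300
HITCOUNT = 8      # --hitcount 8
RING = 20         # ip_pkt_list_tot default: stamps kept per address (assumption)


class RecentList:
    """One '--name SSH' list: source address -> timestamps of recorded hits."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=RING))

    def set(self, ip, now):
        """--set: create the entry if needed and record a hit."""
        self.stamps[ip].append(now)

    def update(self, ip, now, seconds, hitcount):
        """--update --seconds N --hitcount M: true if the address has at least
        M hits in the last N seconds; a match also records a fresh hit."""
        if ip not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[ip] if now - t <= seconds)
        if hits >= hitcount:
            self.stamps[ip].append(now)   # the 'update' half of --update
            return True
        return False


def ssh_check(table, ip, now):
    """Walk one NEW SSH packet through SSH_CHECK; return 'ACCEPT' or 'DROP'."""
    table.set(ip, now)                                  # rule 1: --set
    if table.update(ip, now, WINDOW, HITCOUNT):         # rule 2: -j SSH_REJECTED
        return "DROP"
    return "ACCEPT"                                     # rule 3: -j ACCEPT


def simulate(attempt_times, ip="192.0.2.10"):
    """Feed constructed connection timestamps (seconds) and return the verdicts."""
    table = RecentList()
    return [ssh_check(table, ip, t) for t in attempt_times]


def accepted_in_burst(n, spacing=1):
    """How many of n back-to-back NEW connections from one host get through."""
    return simulate([i * spacing for i in range(n)]).count("ACCEPT")


if __name__ == "__main__":
    # a script opening 10 sessions one second apart: only 7 get in
    print(simulate(list(range(10))))
    # a host retrying every 60 s after the block stays blocked, since each
    # rejected attempt adds stamps; 600 s of silence (307 -> 907) clears it
    print(simulate([0, 1, 2, 3, 4, 5, 6, 7, 67, 127, 187, 247, 307, 907]))
```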