
Re: fail2ban increase loadaverage to 18

Michelle Konzack wrote at 2012-08-19 13:40 -0500:
> Oops... I have locked myself out!
> Am I right, this DROPs connections from any IP address if there are
> more than 3 at the same time?
> My automated scripts and several 100 embedded security systems hit the
> limits.

Using the recent module, you can limit the number of new connection attempts
per IP address in n seconds.  The following (not tested) allows only 8 new
connection attempts per source IP address in 5 minutes.

# Two user chains: SSH_CHECK does the accounting, SSH_REJECTED logs and drops.
iptables -N SSH_CHECK
iptables -N SSH_REJECTED
# Only NEW SSH connections go through the check; packets of established sessions pass.
iptables -A INPUT -p tcp --dport ssh --match state --state NEW -j SSH_CHECK
iptables -A INPUT -p tcp --dport ssh --match state --state RELATED,ESTABLISHED -j ACCEPT
# Record the source address in the "SSH" list, then reject it once 8 entries fall within 300 s.
iptables -A SSH_CHECK -p tcp --match recent --name SSH --set
iptables -A SSH_CHECK -p tcp --match recent --name SSH --update --seconds 300 --hitcount 8 -j SSH_REJECTED
iptables -A SSH_CHECK -p tcp -j ACCEPT
# Rate-limited logging (syslog level "notice"; "notify" is not a valid --log-level), then drop.
iptables -A SSH_REJECTED -p tcp --match limit --limit 1/second -j LOG --log-prefix "Rejected-ssh_" --log-level notice
iptables -A SSH_REJECTED -p tcp -j DROP
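To see what the --set / --update pair above actually does before putting it on a box you can lock yourself out of, here is an added Python model (not from the list post) of the per-address timestamp list that the recent match keeps; it assumes the kernel default of 20 stamps per address and a constructed burst from one source.

```python
"""Model of the iptables 'recent' match as used in the SSH_CHECK chain.

Added illustration, not code from the list post. It simulates the per-source
timestamp list that xt_recent keeps, so you can see which attempt in a burst
is the first one dropped and how long a source must stay quiet to be let in
again. Assumes the kernel default ip_list_tot=20; times are seconds.
"""
from collections import defaultdict, deque

IP_LIST_TOT = 20            # default size of the per-address timestamp ring
SECONDS, HITCOUNT = 300, 8  # --seconds 300 --hitcount 8 from the posted rule


class RecentTable:
    """One named list (--name SSH): source address -> recent timestamps."""
    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=IP_LIST_TOT))

    def set(self, ip, now):
        """--set: record this packet's time for the address; always matches."""
        self.stamps[ip].append(now)
        return True

    def update(self, ip, now, seconds, hitcount):
        """--update --seconds N --hitcount H: match if at least H stamps fall
        inside the last N seconds; a match also records a fresh stamp, which
        is why a source that keeps retrying never ages out of the block."""
        hits = sum(1 for t in self.stamps[ip] if now - t <= seconds)
        if hits >= hitcount:
            self.stamps[ip].append(now)
            return True
        return False


def ssh_check(table, ip, now):
    """Walk the SSH_CHECK chain for one NEW connection: 'ACCEPT' or 'DROP'."""
    table.set(ip, now)                             # --set (no target)
    if table.update(ip, now, SECONDS, HITCOUNT):   # -j SSH_REJECTED
        return "DROP"
    return "ACCEPT"                                # -j ACCEPT


def simulate(attempt_times, ip="192.0.2.10"):
    """Constructed burst from one source; returns the verdict per attempt."""
    table = RecentTable()
    return [ssh_check(table, ip, t) for t in attempt_times]


if __name__ == "__main__":
    burst = [0, 1, 2, 3, 4, 5, 6, 7, 10, 320]  # constructed attempt times
    for t, verdict in zip(burst, simulate(burst)):
        print(f"t={t:4d}s  {verdict}")
```

Running it shows that the eighth NEW connection inside the window is the first one dropped (seven get through), and that each later attempt refreshes the list, so the source has to stay quiet for a full 300 s before it is accepted again.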
