
iptables not behaving the way I expected




Hello, all

I've set my SSH to accept only public key authorization, and forwarded
port 22 from the Big Bad Internet to my Debian box. Predictably, I'm
being hit by a lot of dictionary attempts to log in. A while back,
someone posted a link in this list to a blog that gave an iptables
recipe to limit connections to 5 per minute per IP address. So, I issued
the commands:

iptables -A INPUT -i ethLRZ -p tcp --dport 22 -m state --state NEW \
    -m recent --set --name SSH

iptables -A INPUT -i ethLRZ -p tcp --dport 22 -m state --state NEW \
    -m recent --update --seconds 60 --hitcount 5 --rttl --name SSH \
    -j DROP

but that didn't throttle back the attempts. I tried '-i eth0' instead of
ethLRZ, but that had no effect.

'iptables -L' shows:

Chain INPUT (policy ACCEPT)
target     prot opt source     destination
           tcp  --  anywhere   anywhere     tcp dpt:ssh state NEW recent: SET name: SSH side: source
DROP       tcp  --  anywhere   anywhere     tcp dpt:ssh state NEW recent: UPDATE seconds: 60 hit_count: 5 TTL-Match name: SSH side: source

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

It looks right to my (non-expert) eye. Can anyone see what I've done wrong?

Oh, yeah - I'm running Sarge, in case that makes a difference.

--
Jim Hyslop
Dreampossible: Better software. Simply.     http://www.dreampossible.ca
                 Consulting * Mentoring * Training in
    C/C++ * OOD * SW Development & Practices * Version Management
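Added example, not from the post above or from the blog recipe it cites. The script emits the same two-rule `-m recent` throttle (plus a rate-limited LOG rule so the throttle can be seen firing in the kernel log) through a configurable `$IPTABLES` command, so it can be dry-run with `IPTABLES=echo`, and it simulates the `recent` module's bookkeeping on a constructed attempt log so the expected verdicts can be checked without root. The interface name `eth0`, the hit count 5, the 60-second window and the TEST-NET source addresses are assumptions; `ssh_ratelimit_rules`, `simulate_recent` and `sample_attempts` are names chosen here. Two things worth knowing when the throttle seems to do nothing: the rules count NEW TCP connections, not password guesses, so an attacker that tries several passwords inside one SSH session (OpenSSH allows MaxAuthTries per connection, 6 by default) is not slowed at all; and `iptables -L INPUT -v -n` shows a packet counter per rule, while the tracked addresses can be read from `/proc/net/ipt_recent/SSH` on 2.6 kernels of that era (`/proc/net/xt_recent/SSH` on later ones), which tells you directly whether the DROP rule has ever matched.

```shell
#!/bin/bash
# Added example (not the original post's or the cited blog's code).
# 1) emit the throttling rules via $IPTABLES (IPTABLES=echo for a dry run),
# 2) simulate the kernel's `recent` bookkeeping on a constructed attempt log.

# Emit the rules. Interface, hit count and window are assumptions with defaults.
ssh_ratelimit_rules() {
    local iface="${1:-eth0}" hits="${2:-5}" window="${3:-60}"
    local ipt="${IPTABLES:-iptables}"
    # Unquoted on purpose below: no value here contains whitespace.
    local match="-i $iface -p tcp --dport 22 -m state --state NEW -m recent --name SSH"
    # Store one timestamp per new connection from the source.
    "$ipt" -A INPUT $match --set
    # Log (rate limited) once the source has $hits stamps inside the window.
    # --rcheck only inspects the list; it does not add another stamp.
    "$ipt" -A INPUT $match --rcheck --seconds "$window" --hitcount "$hits" --rttl \
        -m limit --limit 3/min -j LOG --log-prefix "SSH-throttle: "
    # Drop. --update stores a fresh stamp on every match, so a client that keeps
    # hammering stays blocked until it has been quiet for $window seconds.
    "$ipt" -A INPUT $match --update --seconds "$window" --hitcount "$hits" --rttl -j DROP
}

# Constructed attempt log (not real traffic): "<seconds> <source>", one line per
# new TCP connection. 203.0.113.5 hammers; 198.51.100.7 is a normal user.
sample_attempts() {
    cat <<'EOF'
0 203.0.113.5
5 198.51.100.7
10 203.0.113.5
20 203.0.113.5
30 203.0.113.5
40 203.0.113.5
45 198.51.100.7
50 203.0.113.5
100 203.0.113.5
130 203.0.113.5
EOF
}

# Simulate the rules above: stdin is an attempt log, stdout is "<t> <src> ACCEPT|DROP".
# Modelled semantics: --set stores the packet's timestamp; --hitcount counts stored
# stamps no older than now-window; in "update" mode a matching DROP rule stores
# one more stamp, in "rcheck" mode it does not. (The kernel also caps each entry
# at ip_pkt_list_tot stamps, 20 by default; that cap is not modelled here.)
simulate_recent() {
    local hits="${1:-5}" window="${2:-60}" mode="${3:-update}"
    awk -v hits="$hits" -v window="$window" -v mode="$mode" '
    {
        now = $1 + 0; src = $2
        stamps[src] = stamps[src] " " now            # --set: record this SYN
        n = split(stamps[src], s, " ")
        recent = 0
        for (i = 1; i <= n; i++)
            if (s[i] + 0 >= now - window) recent++   # stamps inside the window
        if (recent >= hits) {
            if (mode == "update")
                stamps[src] = stamps[src] " " now    # --update re-stamps on match
            verdict = "DROP"
        } else
            verdict = "ACCEPT"
        print now, src, verdict
    }'
}

demo() {
    echo "# rules (dry run):"
    IPTABLES=echo ssh_ratelimit_rules eth0 5 60
    echo "# simulation, DROP rule using --update:"
    sample_attempts | simulate_recent 5 60 update
    echo "# same log, DROP rule using --rcheck:"
    sample_attempts | simulate_recent 5 60 rcheck
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run `bash throttle.sh demo` to see the dry-run rules and both simulations. In the simulated log the hammering host's fifth connection inside 60 seconds (t=40) is dropped, its attempt at t=100 is still dropped with `--update` because every rejected attempt re-stamped it, but would be accepted with `--rcheck`; the normal user is never touched. On the real box, set `IPTABLES=iptables` (the default) and run `ssh_ratelimit_rules` as root, then watch the `pkts` column of `iptables -L INPUT -v -n`.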
