[wplug] iptables sanity check
Duncan Hutty
dhutty at ece.cmu.edu
Sun Dec 26 21:38:08 EST 2010
On 12/23/10 2:17 PM, Drew from Zhrodague wrote:
> Looks okay to me. Does it work? You can test with nmap from an outside
> host.
>
> Also, I suggest installing an sshblock script to keep the brute forcers
> out.
Here's something that I like instead of using a script to block ssh
brute forcers:
# Store IP addresses that are initiating SSH connections and drop packets
# from those addresses if new connections are coming in too fast (>4 in 2
# minutes):
# Note: -i takes an interface name, so $EXT_IP must hold the external
# interface (e.g. eth0), not an address. Both rules are inserted at the head
# of INPUT with -I, so the second command ends up first in the chain and the
# --update check runs before --set stamps the source.
iptables -I INPUT -i $EXT_IP -p tcp --dport 22 -m state --state NEW \
    -m recent --set --name DEFAULT --rsource
iptables -I INPUT -i $EXT_IP -p tcp --dport 22 -m state --state NEW \
    -m recent --update --seconds 120 --hitcount 5 --name DEFAULT --rsource -j DROP
--
Duncan Hutty
Senior System Administrator, ECE
Carnegie Mellon University
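A fuller version of the same xt_recent rate limit, added here as an example and not part of Duncan's post or of any project's code: it appends the rules with -A so the chain order is the one written, prints the commands by default (DRY_RUN=1) so the result can be read without root, and adds a small helper that evaluates one line of /proc/net/xt_recent/<list> the way --seconds/--hitcount does, run on a constructed sample line. The interface name eth0, the list name SSH and HZ=250 are assumptions; the sample line is made up in the kernel's output format.

```shell
#!/bin/sh
# Added example: SSH rate limiting with the iptables "recent" match.
# Not Duncan's rules; eth0, the list name SSH and HZ=250 are assumptions.
# DRY_RUN=1 (default) prints the iptables commands instead of running them.

EXT_IF="${EXT_IF:-eth0}"      # interface name: -i matches interfaces, not addresses
SSH_PORT="${SSH_PORT:-22}"
LIST="${LIST:-SSH}"           # name of the list under /proc/net/xt_recent/
WINDOW="${WINDOW:-120}"       # seconds
HITS="${HITS:-5}"             # must not exceed xt_recent's ip_pkt_list_tot parameter (default 20)
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Emit (or apply) the two rules. -A appends, so the written order is the chain
# order: the --update check comes first, then --set stamps the source.
# --update only adds a timestamp when it matches (hitcount reached), so a
# permitted SYN is stamped exactly once, by --set.
ssh_ratelimit_rules() {
    run iptables -A INPUT -i "$EXT_IF" -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
        -m recent --name "$LIST" --rsource --update --seconds "$WINDOW" --hitcount "$HITS" -j DROP
    # No target here, as in the posted rules: the rest of INPUT decides whether
    # the connection is accepted; this rule only records the source.
    run iptables -A INPUT -i "$EXT_IF" -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
        -m recent --name "$LIST" --rsource --set
}

# Evaluate one line of /proc/net/xt_recent/<list> the way --seconds/--hitcount
# does: count the stamps that are no older than (now - window). All values are
# in jiffies, the unit the kernel writes to that file.
# $1 = line, $2 = now in jiffies, $3 = window in jiffies
recent_hits() {
    printf '%s\n' "$1" | awk -v now="$2" -v win="$3" '{
        start = 0
        for (i = 1; i <= NF; i++) if ($i == "oldest_pkt:") { start = i + 2; break }
        hits = 0
        if (start) for (i = start; i <= NF; i++) {
            s = $i; sub(/,$/, "", s)          # stamps are written as "n, n, n"
            if (s + 0 >= now - win) hits++
        }
        print hits
    }'
}

# Constructed sample (not real data) in the format the kernel uses for that file.
SAMPLE_LINE='src=203.0.113.7 ttl: 64 last_seen: 4295300000 oldest_pkt: 3 4295270000, 4295280000, 4295290000, 4295295000, 4295300000'
HZ=250                                   # assumed; check CONFIG_HZ on the target kernel
NOW_J=4295300000

ssh_ratelimit_rules
echo "hits in the last ${WINDOW}s: $(recent_hits "$SAMPLE_LINE" "$NOW_J" $((WINDOW * HZ)))"
```

Two things the helper makes visible: a stamp exactly at the edge of the window still counts, and because every matching attempt refreshes the entry, a source that keeps retrying stays blocked until it has been quiet for the whole window. That also applies to an administrator who opens more than HITS connections in WINDOW seconds, so pick the values with that in mind. The same two rules are needed in ip6tables if SSH is reachable over IPv6.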