[WBEL-users] WBEL 3.0 iptables [SSH Dictionary attacks followup]
Vic
whitebox at beer.org.uk
Mon Jul 10 04:24:52 CDT 2006
> I read a thread from back in March, where a couple of you discussed
> adding a couple of rules to iptables to rate-limit ssh connections via
> the use of libipt_recent.so in the config.
That's not how I do it.
I have a rule that runs a chain called ssh whenever someone tries a new
ssh connection :-
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 22 --state NEW -j ssh
Then I have a list of whitelisted IP addresses in that chain :-
# Vic's home
-A ssh -s 213.232.80.166 -j ACCEPT
Then I have a rule allowing a few connection attempts per minute :-
-A ssh -p tcp -m tcp -m limit -m state --limit 2/minute --limit-burst 2 --state NEW -j ACCEPT
Then I drop anything that hasn't been allowed :-
-A ssh -j DROP
This runs just fine on WBEL3 (which is where I first trialled the idea).
Vic.
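To make the behaviour of the chain above concrete, here is an added Python model (not code from the post, and not iptables itself) that applies the three rules to a constructed sequence of NEW SSH connections. It assumes the standard token-bucket semantics of `-m limit`: the bucket starts with `--limit-burst` tokens, refills at the `--limit` rate, and is counted per rule, so every non-whitelisted source shares one bucket; the attacker and "legit" addresses are constructed sample values.

```python
"""Model of Vic's `ssh` chain: whitelist, then `-m limit`, then DROP."""
from dataclasses import dataclass, field


@dataclass
class LimitMatch:
    """Token bucket approximating iptables `-m limit` (assumption: per-rule,
    shared by all sources; starts full at `burst`, refills at `rate`)."""
    rate_per_minute: float          # --limit 2/minute
    burst: int                      # --limit-burst 2
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = float(self.burst)

    def matches(self, now: float) -> bool:
        # Refill for the elapsed seconds, capped at the burst size.
        refill = (now - self.last) * self.rate_per_minute / 60.0
        self.tokens = min(float(self.burst), self.tokens + refill)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


@dataclass
class SshChain:
    whitelist: frozenset
    limit: LimitMatch

    def verdict(self, src: str, now: float) -> str:
        if src in self.whitelist:       # -A ssh -s <addr> -j ACCEPT
            return "ACCEPT"
        if self.limit.matches(now):     # -A ssh ... -m limit ... -j ACCEPT
            return "ACCEPT"
        return "DROP"                   # -A ssh -j DROP


def run(events):
    """events: (seconds since start, source IP) pairs in time order."""
    chain = SshChain(frozenset({"213.232.80.166"}), LimitMatch(2, 2))
    return [chain.verdict(src, t) for t, src in events]


# Constructed sample: a dictionary attacker, then a legitimate but
# non-whitelisted user, then Vic's whitelisted home address.
SAMPLE = [(0, "198.51.100.7"), (1, "198.51.100.7"), (2, "198.51.100.7"),
          (3, "198.51.100.7"), (45, "198.51.100.7"), (46, "203.0.113.5"),
          (47, "213.232.80.166")]

if __name__ == "__main__":
    for (t, src), v in zip(SAMPLE, run(SAMPLE)):
        print(f"t={t:3d}s {src:16} {v}")
```

The sixth event shows the caveat of a per-rule limit: once the attacker has drained the bucket, a legitimate non-whitelisted address is dropped too, which is why the whitelist in front of the limit rule matters.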