crazy hackers and logwatch

Marco Meyerhofer marco_meyerhofer at freesurf.ch
Tue Aug 9 13:27:05 UTC 2005


I recently set up some rules.
I know they could be abused for DoS, but for me this is a minor problem.
Warning: I am not sure if they work correctly, or if they cause some
problems.
-------------- next part --------------
# SSH brute force protection $EXT_IF
$IPTABLES -N ssh_brute
$IPTABLES -A INPUT -i $EXT_IF -p tcp --dport 22 -m state --state NEW -j ssh_brute
$IPTABLES -A ssh_brute -m recent --set
$IPTABLES -A ssh_brute -m recent --update --seconds 120 ! --hitcount 4 -j RETURN
$IPTABLES -A ssh_brute -m limit -j LOG --log-prefix "ssh bruteforce "
$IPTABLES -A ssh_brute -j DROP
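
The following is an added example, not part of the original post: a per-source summary of the kernel log lines produced by the LOG rule above, for reviewing what the chain logged. The sample lines, host name "gw" and addresses are constructed and abbreviated. Because the LOG rule uses `-m limit` without `--limit` (default 3/hour, burst 5), the counts are a lower bound on dropped connections.

```shell
#!/bin/sh
# Added example: per-source summary of lines written by the LOG rule above.
# Assumes netfilter LOG output (with a SRC= field) arriving via syslog.
PREFIX="ssh bruteforce "          # must equal --log-prefix in the ruleset
TAB=$(printf '\t')

# Constructed sample input (documentation addresses, hypothetical host "gw").
sample_log() {
cat <<'EOF'
Aug  9 13:20:01 gw kernel: ssh bruteforce IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=22 SYN URGP=0
Aug  9 13:20:40 gw sshd[812]: Failed password for root from 203.0.113.5 port 40113 ssh2
Aug  9 13:20:55 gw kernel: ssh bruteforce IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=4712 DF PROTO=TCP SPT=40114 DPT=22 SYN URGP=0
Aug  9 13:21:30 gw kernel: ssh bruteforce IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=4713 DF PROTO=TCP SPT=40115 DPT=22 SYN URGP=0
Aug  9 13:25:12 gw kernel: ssh bruteforce IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=48 ID=901 DF PROTO=TCP SPT=51002 DPT=22 SYN URGP=0
EOF
}

# Reads syslog lines on stdin and prints one tab-separated record per source:
#   count <TAB> source address <TAB> first seen <TAB> last seen
# sorted by count (descending). Lines without the prefix are skipped.
ssh_brute_summary() {
    awk -v prefix="$PREFIX" '
        index($0, prefix) == 0 { next }          # not written by our LOG rule
        {
            src = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) src = substr($i, 5)
            if (src == "") next                  # malformed or truncated line
            ts = $1 " " $2 " " $3                # syslog timestamp, no year
            if (!(src in count)) first[src] = ts
            last[src] = ts
            count[src]++
        }
        END {
            for (s in count)
                printf "%d\t%s\t%s\t%s\n", count[s], s, first[s], last[s]
        }
    ' | sort -t "$TAB" -k1,1nr -k2,2
}

sample_log | ssh_brute_summary
```

On a live system, feed the function the file your syslog daemon writes kernel messages to instead of `sample_log`.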

