iptables in linux
dmikewilliams at gmail.com
Sat Nov 12 21:58:47 UTC 2011
> On 12.11.2011, Roger wrote:
>> Is there a way to limit:
>> -number of log in attempts to 2,
>> -the duration of a log in attempt to 3 seconds or less
>> -the number of times a username can be tried, prefer it set at 2 and
>> then not again for 24 hours if it fails.
Here is what I use, its slightly different than what you asked for,
but it works.
-A local_input_filter -p tcp -m tcp --dport 22 --tcp-flags
FIN,SYN,RST,ACK SYN -m recent --set --name SSH --rsource
-A local_input_filter -m recent --update --seconds 40 --hitcount 3
--name SSH --rsource -j DROP
If someone tries to login 3 times within 40 seconds then ant further
attempts will be dropped. After 40 seconds they can try three more
times. I prefer this so if I manage to trigger the rule myself I only
have to wait a minute before I can login in again.
Usually scripts that try to break in try repeatedly in rapid succession.
I like to keep my iptables rules separated from the rest or the rules,
so I add a separate chain and jump to that chain at the top of the
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [111266:23783263]
:local_input_filter - [0:0]
-A INPUT -j local_input_filter
Some of the other things suggested in this thread are also good ideas.
Set the ssh port to something other than 22 (some high number like
32291), not allowing root login, requiring a key to login, etc.
I had a system that was subjected to many attempts to connect via ssh,
and adding those two rules, plus moving the ssh port reduced the
attempts to a trickle.
More information about the users