> On 12.11.2011, Roger wrote:
>
>> Is there a way to limit:
>> - number of log in attempts to 2,
>> - the duration of a log in attempt to 3 seconds or less
>> - the number of times a username can be tried, prefer it set at 2 and
>> then not again for 24 hours if it fails.
> [....]

Here is what I use. It's slightly different from what you asked for, but it works.

    # Every new SSH connection (a bare SYN to port 22) records a hit for the
    # source address in the recent list named "SSH".
    -A local_input_filter -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m recent --set --name SSH --rsource
    # Drop any packet from a source with 3 or more hits in the last 40 seconds.
    # --update also records the matching packet as a hit, so the window is
    # measured from the last attempt, not the first. No -p/--dport here: once
    # a source is over the limit, all of its traffic matches.
    -A local_input_filter -m recent --update --seconds 40 --hitcount 3 --name SSH --rsource -j DROP

If someone tries to log in 3 times within 40 seconds then any further attempts will be dropped. After 40 seconds they can try three more times. I prefer this so if I manage to trigger the rule myself I only have to wait a minute before I can log in again. Usually scripts that try to break in try repeatedly in rapid succession.

I like to keep my iptables rules separated from the rest of the rules, so I add a separate chain and jump to that chain at the top of the iptables file.

    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [111266:23783263]
    :local_input_filter - [0:0]
    -A INPUT -j local_input_filter

Some of the other things suggested in this thread are also good ideas: set the ssh port to something other than 22 (some high number like 32291), don't allow root login, require a key to log in, etc. I had a system that was subjected to many attempts to connect via ssh, and adding those two rules, plus moving the ssh port, reduced the attempts to a trickle.

Cheers,
Mike
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
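The two rules above rely on the kernel's xt_recent match, and its exact timing is easy to misjudge: --hitcount counts hits inside a sliding window, and --update adds a hit every time it matches. The following is an added example, not Mike's code or anything from the Fedora list: a small Python re-implementation of --set and --update (modelled on the xt_recent module, including its per-address timestamp list) that pushes a constructed packet trace through the posted chain so the verdicts can be inspected offline, without root or a real netfilter stack. The addresses are RFC 5737 documentation addresses and the timings are invented for the demonstration.

```python
"""Offline model of the iptables "-m recent" rules posted above.

Added example (not the original poster's code). The --set / --update
semantics follow the xt_recent kernel module: each listed address keeps a
bounded list of hit timestamps; --update with --seconds/--hitcount matches
when enough hits fall inside the window and, on a match, records another hit.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

SECONDS = 40        # --seconds 40
HITCOUNT = 3        # --hitcount 3
PKT_LIST_TOT = 20   # xt_recent default ip_pkt_list_tot: stamps kept per address


@dataclass(frozen=True)
class Packet:
    t: float            # arrival time in seconds (constructed)
    src: str            # source address; --rsource keys the list on this
    proto: str = "tcp"
    dport: int = 22
    syn: bool = True    # bare SYN, i.e. what --tcp-flags FIN,SYN,RST,ASK SYN selects


class RecentTable:
    """One named recent list (--name SSH)."""

    def __init__(self, pkt_list_tot=PKT_LIST_TOT):
        # newest stamp last; the deque drops the oldest stamp when full,
        # like xt_recent overwriting its circular stamp array
        self.stamps = defaultdict(lambda: deque(maxlen=pkt_list_tot))

    def set(self, src, now):
        """--set: add the address if missing and record this packet as a hit."""
        self.stamps[src].append(now)

    def update(self, src, now, seconds=SECONDS, hitcount=HITCOUNT):
        """--update --seconds S --hitcount N: match if the address is listed and
        at least N hits are no older than S seconds. A match records a further
        hit, so the window restarts from the most recent blocked packet."""
        if src not in self.stamps:
            return False
        hits = sum(1 for s in self.stamps[src] if now - s <= seconds)
        if hits >= hitcount:
            self.stamps[src].append(now)
            return True
        return False


def local_input_filter(table, pkt):
    """Walk the posted two-rule chain for one packet and return its verdict."""
    # -A local_input_filter -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN
    #     -m recent --set --name SSH --rsource
    if pkt.proto == "tcp" and pkt.dport == 22 and pkt.syn:
        table.set(pkt.src, pkt.t)
    # -A local_input_filter -m recent --update --seconds 40 --hitcount 3
    #     --name SSH --rsource -j DROP
    # No -p/--dport on this rule: every packet from an over-limit source matches.
    if table.update(pkt.src, pkt.t):
        return "DROP"
    return "RETURN"   # end of the user chain: continue with the rest of INPUT


def run(trace):
    """Verdict for each packet of a trace, in arrival order."""
    table = RecentTable()
    return [local_input_filter(table, p) for p in trace]


# Constructed trace 1: a script opening a new SSH connection every 5 s,
# then probing again after 30 s, then going quiet for 41 s.
BOT = "203.0.113.7"
bot_trace = [Packet(t, BOT) for t in (0, 5, 10, 15, 20)] + [
    Packet(50, BOT),   # 30 s after its last SYN: the refreshed window still covers it
    Packet(91, BOT),   # 41 s of silence since the last hit: window expired
]

# Constructed trace 2: an admin with one live session who opens two more.
ADMIN = "203.0.113.20"
admin_trace = [
    Packet(0, ADMIN),                           # 1st SYN
    Packet(3, ADMIN),                           # 2nd SYN
    Packet(10, ADMIN, syn=False),               # data on the established session
    Packet(12, ADMIN),                          # 3rd SYN inside 40 s
    Packet(13, ADMIN, syn=False),               # data on the existing session
    Packet(14, ADMIN, proto="udp", dport=53),   # unrelated traffic from the same host
]

if __name__ == "__main__":
    for name, trace in (("bot", bot_trace), ("admin", admin_trace)):
        for p, v in zip(trace, run(trace)):
            print(f"{name:5s} t={p.t:>3} {p.proto}/{p.dport} syn={p.syn!s:5s} -> {v}")
```

Three things the trace makes visible that the rules alone do not: the third SYN inside the window is already dropped (so two connections get through, not three); because --update records each blocked packet, a bot that keeps retrying every 30 s never gets back in, and only 40 s of complete silence clears it; and since the DROP rule carries no port match and the chain is jumped to before any conntrack ACCEPT, a source that trips the limit also loses its existing SSH session and any other traffic to the host until the window expires.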