Re: iptables rules to limit attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



chloe K wrote:
> Hi all
>  
> ks there iptables rules to limit attack?
>  
> Thank you
> 

Hi,
Below is an example that I use to limit the rate of new connections to a 
particular port/service. You should be able to mold this to work with 
whatever service you would like to protect.

Add the first line to your main input chain. This will limit new 
connections to tcp/22 to a rate of 4/minute/uniqueIP.

Another benefit for me, is that this uses the modules that come with the 
CentOS stock kernel... no extra mussing to get it to work.

Andy





-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 22 /
  --state NEW -j SSH_CHECK

-A SSH_CHECK -s *WHITELIST ADDRESSES* -j ACCEPT
-A SSH_CHECK -m recent  --set --name SSH --rsource
-A SSH_CHECK -m recent -j LOG  --log-prefix "SSH Drop "  /
  --update --seconds 60 --hitcount 4 --name SSH --rsource
-A SSH_CHECK -m recent -j DROP  --update --seconds 60 --hitcount /
  4 --name SSH --rsource
-A SSH_CHECK -j ACCEPT
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux