>>>>> "Marco" == Marco Meyerhofer <marco_meyerhofer@xxxxxxxxxxx> writes:

Marco> I recently set up some rules. I know they could be abused for
Marco> DoS, but for me this is a minor problem. Warning: I am not
Marco> sure if they work correctly, or if they cause some problems.

Marco> # SSH brute force protection $EXT_IF
Marco> $IPTABLES -N ssh_brute
Marco> $IPTABLES -A INPUT -i $EXT_IF -p tcp --dport 22 -m state --state NEW -j ssh_brute
Marco> $IPTABLES -A ssh_brute -m recent --set
Marco> $IPTABLES -A ssh_brute -m recent --update --seconds 120 ! --hitcount 4 -j RETURN
Marco> $IPTABLES -A ssh_brute -m limit -j LOG --log-prefix "ssh bruteforce "
Marco> $IPTABLES -A ssh_brute -j DROP

A better rule (IMHO), I use:

$IPTABLES -A INPUT -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT

This has the advantage of only blocking the offending IP if they go over
1/min, but letting all other IPs still have access until they go over
the limit.

kevin
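The two rulesets in the thread, modelled as an added example (my code, not anything posted by Marco or Kevin): it approximates xt_recent's sliding hit window and xt_hashlimit's per-source token bucket, assumes hashlimit's default burst of 5, and runs a constructed scenario in which one source opens repeated NEW connections to port 22 while a second source connects once.

```python
# Added example: model of the xt_recent chain (--set, then
# --update --seconds S ! --hitcount N -j RETURN) and of the xt_hashlimit
# rule (--hashlimit 1/min --hashlimit-mode srcip, assumed default burst 5).
from collections import defaultdict, deque


class RecentMatch:
    """Marco's chain: every NEW SYN is recorded (--set); the packet passes only
    if fewer than `hitcount` hits from that source fall within `seconds`."""

    def __init__(self, seconds=120, hitcount=4):
        self.seconds, self.hitcount = seconds, hitcount
        self.hits = defaultdict(deque)  # src -> timestamps of recent SYNs

    def allow(self, src, now):
        hist = self.hits[src]
        hist.append(now)  # --set records even packets that end up dropped
        while hist and now - hist[0] > self.seconds:  # sliding window
            hist.popleft()
        return len(hist) < self.hitcount  # "! --hitcount N" -> RETURN


class HashLimit:
    """Kevin's rule: per-source token bucket refilled at `rate` tokens/second,
    capped at `burst`; a NEW SYN is ACCEPTed only while a token is left."""

    def __init__(self, rate=1 / 60, burst=5):
        self.rate, self.burst = rate, burst
        self.bucket = {}  # src -> (tokens, last_seen)

    def allow(self, src, now):
        tokens, last = self.bucket.get(src, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        ok = tokens >= 1
        if ok:
            tokens -= 1
        self.bucket[src] = (tokens, now)
        return ok


def simulate(attempts=10, interval=5):
    """Constructed scenario (documentation addresses): 203.0.113.10 opens
    `attempts` connections `interval` s apart; 198.51.100.7 connects once
    at t=10. Returns the accept (True) / drop (False) decisions per approach."""
    out = {}
    for name, match in (("recent", RecentMatch()), ("hashlimit", HashLimit())):
        repeat = [match.allow("203.0.113.10", t * interval) for t in range(attempts)]
        out[name] = {"repeat_source": repeat,
                     "other_source": match.allow("198.51.100.7", 10)}
    return out


if __name__ == "__main__":
    for name, res in simulate().items():
        print(name, "accepted", sum(res["repeat_source"]), "of",
              len(res["repeat_source"]), "- other source:", res["other_source"])
```

With these parameters the recent-based chain drops from the fourth connection within the window, while hashlimit lets the burst of 5 through before dropping; both leave the second source unaffected, and because the recent chain records every attempt, the block persists as long as connections keep arriving inside the 120 s window.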