Kept digging and I found a syntax that at least does not get rejected.. Here's hoping it works:

iptables -A INPUT -i eth0 -p tcp --destination-port 22 \
  -m limit --limit 6/hour --limit-burst 2

<EOL>
Tib

On Tue, 25 Jan 2005, Tib wrote:

>
> Ok.. looked at my other rules and came up with this instead.. but it still
> complains:
>
> iptables -A INPUT -i eth0 -p tcp --destination-port 22 \
>   --limit 6/hour --limit-burst 2
>
> iptables v1.2.6a: Unknown arg `--limit'
> Try `iptables -h' or 'iptables --help' for more information.
>
> Help would be much appreciated :]
>
> <EOL>
> Tib
>
>
> On Tue, 25 Jan 2005, Tib wrote:
>
> >
> > I'd like to use the --limit and --limit-burst options to protect my sshd
> > from dictionary password attacks. Considering the userbase and activity
> > level I'd say that something like this would suit me just fine.
> >
> > --limit 6/hour
> > --limit-burst 2
> >
> > This would limit it to two connect/login attempts at first, and then one
> > more every 10 minutes.. correct?
> >
> > Would this be the proper command to use? I'm trying to just limit
> > connections from the outside world, not from the local network, hence the
> > address as a destination:
> >
> > iptables -A INPUT --d 66.80.174.210 --dport 22 \
> >   --limit 6/hour --limit-burst 2
> >
> >
> > <EOL>
> > Tib
> >
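
The token-bucket behaviour of `--limit 6/hour --limit-burst 2` asked about in the thread, modelled in Python as an added example (not code from the thread or from the iptables project). It assumes the limit rule accepts new SSH connections and a following rule drops the rest, which the posted commands do not include; the function names and the sample addresses (documentation ranges) are constructed.

```python
"""Token-bucket model of the iptables `limit` match (added example)."""


def limit_match(times_s, per_hour, burst):
    """Return one bool per packet: True if `-m limit` would match it.

    Credit is tracked in whole seconds: a match costs one interval, credit
    refills with elapsed time and is capped at `burst` intervals.
    Assumes `per_hour` divides 3600 evenly and timestamps are sorted.
    """
    cost = 3600 // per_hour            # 6/hour -> 600 s per token
    cap = burst * cost                 # a full bucket holds `burst` tokens
    credit, prev = cap, None
    verdicts = []
    for t in times_s:
        if prev is not None:
            credit = min(cap, credit + (t - prev))   # refill, never above cap
        prev = t
        if credit >= cost:
            credit -= cost             # matching consumes one token
            verdicts.append(True)
        else:
            verdicts.append(False)     # no token: the rule does not match
    return verdicts


def filter_new_connections(events, per_hour=6, burst=2):
    """Assumed rule pair: ACCEPT new connections that match, DROP the rest.

    `events` is a list of (time_s, source_ip). The bucket is per rule, not
    per source, so every source draws on the same tokens.
    """
    matched = limit_match([t for t, _ in events], per_hour, burst)
    return [(t, src, "ACCEPT" if m else "DROP")
            for (t, src), m in zip(events, matched)]


# Constructed sample: one source guessing passwords, then a legitimate login.
EVENTS = [
    (0, "198.51.100.7"), (1, "198.51.100.7"), (2, "198.51.100.7"),
    (600, "198.51.100.7"), (1200, "198.51.100.7"),
    (1210, "192.0.2.10"),
]

if __name__ == "__main__":
    for row in filter_new_connections(EVENTS):
        print(*row)
```

The model confirms the "two at first, then one every 10 minutes" reading, and the last event shows the side effect: the bucket is shared, so once one source drains it the attempt from 192.0.2.10 is dropped as well.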