Hi, currently I am using this iptables rule:
# will permit only 1 new connection per IP per 5 seconds
-I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
-I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 5 --hitcount 2 -j DROP
And I want to use nftables instead, but I only found this syntax:
... limit rate over 1/second drop
... limit rate over 12/minute drop
But that's not really what I want. I want it to account only connections
for the last 5 seconds, so if I do 12 connections in 1 second, I don't have
to wait for a minute to unblock again. When I used iptables-nft to load
the iptables example mentioned earlier, it produced this:
table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy accept;
        meta l4proto tcp tcp dport 22 ct state new # recent: UPDATE seconds: 5 hit_count: 2 name: DEFAULT side: source mask: 255.255.255.255 counter packets 61 bytes 3644 drop
        meta l4proto tcp tcp dport 22 ct state new # recent: SET name: DEFAULT side: source mask: 255.255.255.255 counter packets 9896 bytes 588702
    }
    ...
}
I don't really know what that means; it seems to be some hack to use the
xtables module called "recent", as I was doing previously in iptables,
using that "meta" statement and the comment at the end of the line.
I would rather have a pure nftables implementation of this, without using
any legacy iptables modules.
Do you think it is possible to limit SSH to 1 connection per src IP per
5 seconds?
Thanks
--
S pozdravem
Best regards
Tomáš Mudruňka - SPOJE.NET s.r.o.
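A pure-nftables way to get the per-source behaviour asked about above, added here as an illustration rather than taken from the original message or its replies: a dynamic set with a 5 second element timeout replaces the xt_recent list, so the block window follows the last attempt from each source just as "-m recent --update" does. The table, set and chain names are assumed, and like the original rules it only tracks IPv4 sources.

```nft
#!/usr/sbin/nft -f
# Added example (not from the original post): per-source-IP limit for new
# SSH connections using a dynamic set whose elements expire after 5 seconds.
# Names (filter, ssh_recent, input) are assumptions; adjust to your ruleset.
table inet filter {
    set ssh_recent {
        type ipv4_addr
        flags dynamic,timeout
        timeout 5s
        size 65535        # upper bound on sources tracked at once
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # Source already seen within the last 5 s: refresh its timer and
        # drop, mirroring "-m recent --update --seconds 5 --hitcount 2".
        tcp dport 22 ct state new ip saddr @ssh_recent update @ssh_recent { ip saddr } counter drop

        # First new SSH connection from this source in 5 s: record it and
        # let it through, mirroring "-m recent --set".
        tcp dport 22 ct state new add @ssh_recent { ip saddr } counter accept
    }
}
```

While testing, "nft list set inet filter ssh_recent" shows which sources are currently tracked and how long each entry has left before it expires.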