wolfie
05-01-2006 19:25:12
This little jewel helps with brute-force SSH attempts
$IPTABLES -A INPUT -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT
You need to make sure your kernel has the hashlimit module of course, but besides that it should work just fine. Make sure $IPTABLES is defined if you cut and paste this :)
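An ACCEPT rule with a rate limit only throttles if something later in the chain drops the new connections it declines to accept. The script below is an added example, not part of wolfie's post: it prints a three-rule set built around the posted rule so it can be reviewed before being applied. The `/sbin/iptables` path, the ESTABLISHED and DROP rules, the explicit `--hashlimit-burst` and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Prints the rules instead of
# running them; review the output, then pipe it to sh as root.
IPTABLES=${IPTABLES:-/sbin/iptables}  # assumed path; the post leaves it undefined
SSH_PORT=${SSH_PORT:-22}
SSH_RATE=${SSH_RATE:-1/min}           # same rate as the post
SSH_BURST=${SSH_BURST:-5}             # iptables' default burst, made explicit

# True if the kernel already has, or can load, the hashlimit match.
# The module is ipt_hashlimit on older 2.6 kernels, xt_hashlimit on newer ones.
have_hashlimit() {
    grep -qx hashlimit /proc/net/ip_tables_matches 2>/dev/null ||
    modprobe -n -q xt_hashlimit 2>/dev/null ||
    modprobe -n -q ipt_hashlimit 2>/dev/null
}

# Emit the rule set, one command per line, in the order it must be appended.
ssh_hashlimit_rules() {
    # 1. Packets of sessions that were already accepted are never rate limited.
    echo "$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 2. The post's rule. Matches are evaluated left to right, so hashlimit is
    #    placed last: only new connections to the SSH port spend tokens.
    echo "$IPTABLES -A INPUT -p tcp -m tcp --dport $SSH_PORT -m state --state NEW" \
         "-m hashlimit --hashlimit $SSH_RATE --hashlimit-burst $SSH_BURST" \
         "--hashlimit-mode srcip --hashlimit-name ssh -j ACCEPT"
    # 3. New SSH connections over the limit fall through to here and are dropped.
    #    Not needed if the chain policy is already DROP.
    echo "$IPTABLES -A INPUT -p tcp -m tcp --dport $SSH_PORT -m state --state NEW -j DROP"
}

if [ "${1:-}" = "--print" ]; then
    have_hashlimit || echo "# warning: hashlimit match not found in this kernel" >&2
    ssh_hashlimit_rules
fi
```

With the default burst of 5, each source address gets five new connections through before the 1/min rate applies, so lower `SSH_BURST` if that is too generous.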