IPTables Question....

Im trying to keep my routers HTTPS port and SSH port from being brute forced. Say like only allow 3 failed connections a minute or something like that. I entered in these IPTable rules but the dont seem to work? I have tried on the WAN side, still no go....

Quote:

---

iptables -N rate_limit
iptables -F rate_limit
iptables -A rate_limit -p tcp --dport xx -m limit --limit 3/min --limit-burst 3 -j ACCEPT
iptables -A rate_limit -p tcp --dport xxx -m limit --limit 3/min --limit-burst 3 -j ACCEPT
iptables -A rate_limit -p tcp -j REJECT --reject-with tcp-reset
iptables -A rate_limit -j DROP

iptables -I INPUT -p tcp --dport xx -m state --state NEW -j rate_limit
iptables -I INPUT -p tcp --dport xxx -m state --state NEW -j rate_limit

---

Anyone notice anything that would cause these to fail?

If you want to prevent SSH being brute forced use keys?

http://blog.andrew.net.au/2005/02/16

http://www.google.com/search?q=iptab...ient=firefox-a

KK, ill try that. Also I did use google, what I tried was the best i could come up with, but the first link looks pretty good.

Thanks.

Also Keys might be a good idea, but it just sounds like a pain to have to pull them off my pendrive each time. Well see.

Hey >Dart>, dont see anything wrong with it right off the bat. maybe I should review at an earlier hour and after less to drink :)

but another way to do it that i have has success with, you may have to modprobe ipt_limit or ipt_state for the recent tag....maybe not, cant remember:

#ssh chain to limit login attempt rate
$IPTABLES -N SSH_CHECK
$IPTABLES -A INPUT -p tcp --dport xxx -m state --state NEW -j SSH_CHECK
$IPTABLES -A SSH_CHECK -m recent --set --name SSH
$IPTABLES -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP