
Thread: IPTables Question....


  1. #1
    Junior Member
    Join Date
    Mar 2008
    Posts
    94

    IPTables Question....

    I'm trying to keep my router's HTTPS port and SSH port from being brute-forced. Say, like only allow 3 failed connections a minute or something like that. I entered these IPTables rules but they don't seem to work. I have tried on the WAN side, still no go....
    iptables -N rate_limit
    iptables -F rate_limit
    # -m limit is a single token bucket per rule, shared by every source address:
    # it caps the total rate of new connections to the port, not attempts per client
    iptables -A rate_limit -p tcp --dport xx -m limit --limit 3/min --limit-burst 3 -j ACCEPT
    iptables -A rate_limit -p tcp --dport xxx -m limit --limit 3/min --limit-burst 3 -j ACCEPT
    # anything over the limit is rejected here; REJECT is a terminating target,
    # so the DROP rule after it is never reached
    iptables -A rate_limit -p tcp -j REJECT --reject-with tcp-reset
    iptables -A rate_limit -j DROP

    # only NEW connections (the initial SYN) go through the chain; packets of
    # already established connections on these ports are not rate limited
    iptables -I INPUT -p tcp --dport xx -m state --state NEW -j rate_limit
    iptables -I INPUT -p tcp --dport xxx -m state --state NEW -j rate_limit
    Anyone notice anything that would cause these to fail?
    Quote (cybrsnpr): I think you have the right idea, but I also think you are really trying to kill a gnat with a small nuclear device!

  2. #2
    Member
    Join Date
    Nov 2007
    Posts
    220


    If you want to prevent SSH from being brute-forced, use keys?
    wtf?

  3. #3

  4. #4
    Junior Member
    Join Date
    Mar 2008
    Posts
    94


    KK, I'll try that. Also, I did use Google; what I tried was the best I could come up with, but the first link looks pretty good.

    Thanks.

    Also, keys might be a good idea, but it just sounds like a pain to have to pull them off my pendrive each time. We'll see.

  5. #5
    Junior Member the_rooster's Avatar
    Join Date
    Apr 2008
    Posts
    25


    Hey >Dart>, don't see anything wrong with it right off the bat. Maybe I should review at an earlier hour and after less to drink.

    But another way to do it that I have had success with; you may have to modprobe ipt_limit or ipt_state for the recent tag... maybe not, can't remember:

    #ssh chain to limit login attempt rate
    $IPTABLES -N SSH_CHECK
    # only NEW connections to the SSH port are sent through the chain
    $IPTABLES -A INPUT -p tcp --dport xxx -m state --state NEW -j SSH_CHECK
    # --set records a timestamp for the source address in the "SSH" list on every
    # new connection, so the counting is per source (unlike -m limit)
    $IPTABLES -A SSH_CHECK -m recent --set --name SSH
    # drop the 4th and later new connections from the same source within 60 s;
    # --update also refreshes that source's timestamp whenever the rule matches,
    # and anything not dropped simply returns to INPUT
    $IPTABLES -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
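To make the difference between the two rule sets in this thread concrete, here is an added example that is not code from either poster: a small Python model of how `-m limit` (one token bucket per rule, shared by all sources) and `-m recent` (a per-source list of timestamps) classify a sequence of NEW connection attempts. The bucket arithmetic and the recent table are simplifications of the kernel matches, the traffic is constructed, and the addresses 10.0.0.9 and 192.0.2.7 are assumed for illustration.

```python
"""Model of the two iptables rate-limiting approaches from the thread.

Added example, not the posters' code.  Simulates `-m limit` (a single
token bucket per rule) and `-m recent` (per-source timestamp list) on a
constructed list of (time_in_seconds, source_ip) NEW connection attempts.
"""
from collections import defaultdict

ACCEPT, REJECT, DROP = "ACCEPT", "REJECT", "DROP"


class LimitMatch:
    """`-m limit --limit N/min --limit-burst B`, as a float token bucket.

    One bucket per rule, shared by every source address, so a single
    noisy host can drain it for everyone.  (The kernel uses integer
    credits; the float model is an assumption that is close enough.)
    """

    def __init__(self, per_minute, burst):
        self.rate = per_minute / 60.0   # tokens refilled per second
        self.burst = burst
        self.tokens = float(burst)
        self.last = None

    def matches(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RecentTable:
    """`-m recent --name X`: per-source list of recent timestamps.

    --set appends a stamp unconditionally; --rcheck/--update match when at
    least `hitcount` stamps fall inside the last `seconds`; --update also
    appends a stamp, but only when it matched.  The list is capped at
    `list_tot` entries (xt_recent's ip_pkt_list_tot default of 20).
    """

    def __init__(self, seconds, hitcount, list_tot=20):
        self.seconds, self.hitcount, self.list_tot = seconds, hitcount, list_tot
        self.stamps = defaultdict(list)

    def set(self, src, now):
        lst = self.stamps[src]
        lst.append(now)
        if len(lst) > self.list_tot:
            del lst[0]                      # oldest stamp is evicted first

    def rcheck(self, src, now):
        hits = sum(1 for s in self.stamps.get(src, ()) if now - s < self.seconds)
        return hits >= self.hitcount

    def update(self, src, now):
        if self.rcheck(src, now):
            self.set(src, now)              # refresh only on match, as the kernel does
            return True
        return False


def op_chain(attempts, per_minute=3, burst=3):
    """The original poster's rate_limit chain for one port:
    limit -> ACCEPT, otherwise REJECT --reject-with tcp-reset."""
    bucket = LimitMatch(per_minute, burst)
    return [ACCEPT if bucket.matches(t) else REJECT for t, _src in attempts]


def rooster_chain(attempts, seconds=60, hitcount=4):
    """the_rooster's SSH_CHECK chain: --set, then --update --seconds 60
    --hitcount 4 -j DROP; anything not dropped returns to INPUT."""
    table = RecentTable(seconds, hitcount)
    verdicts = []
    for t, src in attempts:
        table.set(src, t)
        verdicts.append(DROP if table.update(src, t) else ACCEPT)
    return verdicts


# Constructed traffic: an attacker (10.0.0.9) opens four connections in
# 15 s, then the legitimate admin (192.0.2.7) tries once a second later.
BURST = [(0, "10.0.0.9"), (5, "10.0.0.9"), (10, "10.0.0.9"),
         (15, "10.0.0.9"), (16, "192.0.2.7")]

# Same attacker keeps retrying every 20 s, then stays quiet for over a minute.
PERSIST = BURST[:4] + [(35, "10.0.0.9"), (55, "10.0.0.9"), (75, "10.0.0.9"),
                       (95, "10.0.0.9"), (160, "10.0.0.9")]

if __name__ == "__main__":
    print("limit  :", op_chain(BURST))
    print("recent :", rooster_chain(BURST))
    print("recent, persistent attacker:", rooster_chain(PERSIST))
```

Running it shows the practical difference: with `-m limit` the attacker's fourth SYN and the admin's first one are both rejected, because the bucket is shared; with `-m recent` only the attacker's fourth connection is dropped and the admin gets in. Because `--set` sits before `--update`, every attempt adds a stamp whether or not it is dropped, so a host that keeps retrying every 20 s stays blocked, and is admitted again only once it has been quiet for the whole 60 s window.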
