If you want to prevent SSH being brute forced use keys?
I'm trying to keep my router's HTTPS port and SSH port from being brute forced. Say, like only allow 3 failed connections a minute or something like that. I entered these iptables rules but they don't seem to work? I have tried on the WAN side, still no go....
Anyone notice anything that would cause these to fail?
# user chain that rate-limits NEW connections to the two ports
iptables -N rate_limit
iptables -F rate_limit
# the limit match is one shared bucket for every source, not per client
iptables -A rate_limit -p tcp --dport xx -m limit --limit 3/min --limit-burst 3 -j ACCEPT
iptables -A rate_limit -p tcp --dport xxx -m limit --limit 3/min --limit-burst 3 -j ACCEPT
# anything over the limit gets a reset
iptables -A rate_limit -p tcp -j REJECT --reject-with tcp-reset
# never reached for TCP: REJECT above is terminating
iptables -A rate_limit -j DROP
# send only NEW connections to those ports through the chain
iptables -I INPUT -p tcp --dport xx -m state --state NEW -j rate_limit
iptables -I INPUT -p tcp --dport xxx -m state --state NEW -j rate_limit
cybrsnpr wrote: I think you have the right idea, but I also think you are really trying to kill a gnat with a small nuclear device!
If you want to prevent SSH being brute forced use keys?
wtf?
KK, I'll try that. Also I did use Google; what I tried was the best I could come up with, but the first link looks pretty good.
Thanks.
Also keys might be a good idea, but it just sounds like a pain to have to pull them off my pendrive each time. We'll see.
cybrsnpr wrote: I think you have the right idea, but I also think you are really trying to kill a gnat with a small nuclear device!
Hey >Dart>, don't see anything wrong with it right off the bat. Maybe I should review at an earlier hour and after less to drink,
but another way to do it that I have had success with (you may have to modprobe ipt_limit or ipt_state for the recent tag.... maybe not, can't remember):
# ssh chain to limit login attempt rate
IPTABLES=iptables   # or the full path to the binary
$IPTABLES -N SSH_CHECK
# only NEW connections to the ssh port go through the chain
$IPTABLES -A INPUT -p tcp --dport xxx -m state --state NEW -j SSH_CHECK
# record the source address in the SSH list
$IPTABLES -A SSH_CHECK -m recent --set --name SSH
# 4th new connection from the same address within 60 seconds is dropped
$IPTABLES -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
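The practical difference between the two rulesets in this thread, as an added example that is not from either poster: a small Python simulation of the `limit` match (one token bucket shared by every source, as in the first ruleset) against the `recent` match (a hit list per source address, as in the second). The addresses and timestamps are constructed; the point it shows is that the shared limit lets one busy source lock everyone else out, while the per-source window only affects the source that is hammering the port.

```python
from collections import defaultdict, deque

# Constructed input: (seconds, source address) of each NEW SYN to the SSH port.
# 10.0.0.99 hammers the port; 192.0.2.10 is an admin logging in twice.
EVENTS = [(0, "10.0.0.99"), (10, "10.0.0.99"), (15, "192.0.2.10"),
          (20, "10.0.0.99"), (30, "10.0.0.99"), (40, "10.0.0.99"),
          (50, "10.0.0.99"), (55, "192.0.2.10")]


def limit_filter(events, per_min=3, burst=3):
    """`-m limit --limit 3/min --limit-burst 3`: one token bucket shared by
    ALL sources (credit is kept in seconds; one accepted packet costs a period)."""
    period = 60 // per_min          # seconds of credit one accepted packet costs
    cap = burst * period            # credit never exceeds the burst
    credit, last = cap, None
    out = []
    for ts, src in events:
        if last is not None:
            credit = min(cap, credit + (ts - last))
        last = ts
        if credit >= period:        # limit matched -> -j ACCEPT
            credit -= period
            out.append((ts, src, "ACCEPT"))
        else:                       # fell through to -j REJECT
            out.append((ts, src, "REJECT"))
    return out


def recent_filter(events, seconds=60, hitcount=4):
    """`-m recent --set` followed by `--update --seconds 60 --hitcount 4 -j DROP`:
    a separate hit list per source address; the 4th hit within 60 s is dropped."""
    hits = defaultdict(deque)
    out = []
    for ts, src in events:
        q = hits[src]
        q.append(ts)                          # --set records this packet first
        while ts - q[0] > seconds:            # only hits inside the window count
            q.popleft()
        verdict = "DROP" if len(q) >= hitcount else "ACCEPT"
        out.append((ts, src, verdict))
    return out


def verdicts(results, src):
    """Verdict sequence one source saw, in order."""
    return [v for _, s, v in results if s == src]


if __name__ == "__main__":
    for name, fn in (("limit", limit_filter), ("recent", recent_filter)):
        res = fn(EVENTS)
        print(name, "admin:", verdicts(res, "192.0.2.10"),
              "attacker:", verdicts(res, "10.0.0.99"))
```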