iptables is the user-space front end to netfilter, the packet filtering framework of the Linux 2.4.x and 2.6.x kernels. It is a major rewrite of its predecessor ipchains and is used to control packet filtering, Network Address Translation (masquerading, port forwarding, transparent proxying) and packet mangling.
If you are running SSH you will sooner or later notice someone trying to get into your box with a dictionary attack. You can use the iptables recent module to enforce a minimum interval between new connections from the same source IP.
To make this work, you should have this commonly used rule (this allows previously established connections and is a normal rule in most firewalls):
iptables -A INPUT -j ACCEPT -p tcp ! --syn -s 0/0 -d (outer ip/net)

Now, to set the limit:

iptables -A INPUT -p tcp -i eth0 -m state --state NEW --dport 22 -m recent --update --seconds 15 -j DROP
iptables -A INPUT -p tcp -i eth0 -m state --state NEW --dport 22 -m recent --set -j ACCEPT

These two rules make iptables require 15 seconds between new connections from the same IP on port 22 (the SSH port). The order matters: the --update rule only matches if the address is already in the recent list and was last seen within the past 15 seconds, and every SYN that gets past it falls through to the --set rule, which records (or re-records) the address and accepts the connection. Be aware that --update also refreshes the "last seen" timestamp each time it matches, so a client that keeps retrying faster than once every 15 seconds stays blocked until it pauses for a full 15 seconds; use --rcheck if you want the window measured from the last accepted connection instead. Use ACCEPT instead if you are using a firewall that has its own rule for accepting SSH.
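The same two-rule recent pattern packaged as a small script, as an added example that is not from the original post. It goes beyond the text in three ways: the SSH checks live in their own chain so they can be dropped into an existing firewall, the state match is written as -m conntrack --ctstate (the current spelling of -m state --state), and a second function shows the --hitcount form that allows a few new connections per window instead of exactly one. The interface name eth0, the chain name SSH_LIMIT and the list name SSH are assumptions, as is a DROP policy (or a later catch-all DROP) on INPUT.

```shell
#!/bin/sh
# Added example, not from the original post: the "recent" SSH rate limit as a
# dedicated chain with conntrack matching and a named recent list.
# Assumptions (not from the post): WAN interface eth0, chain name SSH_LIMIT,
# list name SSH, and that INPUT has a DROP policy or a later catch-all DROP.
IFACE="${IFACE:-eth0}"
CHAIN="SSH_LIMIT"
LIST="SSH"
WINDOW=15      # seconds a source must wait between new SSH connections

# Emit the rules one per line, in the order they must be added.
# The --update/DROP rule has to precede --set/ACCEPT: if --set ran first, every
# SYN would be recorded and accepted and the DROP rule would never match.
ssh_recent_rules() {
    cat <<EOF
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $IFACE -p tcp --dport 22 -m conntrack --ctstate NEW -j $CHAIN
-A $CHAIN -m recent --name $LIST --update --seconds $WINDOW -j DROP
-A $CHAIN -m recent --name $LIST --set -j ACCEPT
EOF
}

# Looser variant, beyond the post: record every new connection first, then drop
# once HITS timestamps fall inside WINDOW seconds, i.e. HITS-1 connections per
# window are allowed and the HITS-th is dropped. Because the dropped SYN was
# also recorded, a source that keeps hammering stays blocked, as with --update.
ssh_recent_rules_hitcount() {
    hits=${1:-4}; window=${2:-60}
    cat <<EOF
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $IFACE -p tcp --dport 22 -m conntrack --ctstate NEW -j $CHAIN
-A $CHAIN -m recent --name $LIST --set
-A $CHAIN -m recent --name $LIST --update --seconds $window --hitcount $hits -j DROP
-A $CHAIN -j ACCEPT
EOF
}

# Apply to the running kernel (needs root and iptables(8)). Never called unless
# the script is invoked with "apply", so the file is safe to source for testing.
apply_rules() {
    iptables -N "$CHAIN" 2>/dev/null || iptables -F "$CHAIN"
    ssh_recent_rules | while IFS= read -r rule; do
        # -C checks whether the rule already exists, so re-running is safe;
        # the rule string is split into arguments on purpose (shellcheck SC2086).
        check=${rule#-A}
        iptables -C $check 2>/dev/null || iptables $rule || exit 1
    done
}

if [ "${1:-}" = apply ]; then
    apply_rules
fi
```

Run it as `sh ssh-limit.sh apply` on the firewall itself; without the argument it only defines the functions, and `ssh_recent_rules` prints the rule set for review or for pasting into an iptables-restore file.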
Another way of limiting dictionary attacks is the limit match, -m limit --limit:

iptables -A INPUT -p tcp --syn --dport ssh -m limit --limit 3/minute --limit-burst 2 -j ACCEPT

This rule accepts at most 3 new connections per minute. The limit match is a token bucket: --limit-burst 2 is the size of the bucket, so the first two connection attempts are accepted straight away, after which one token is refilled every 20 seconds (3 per minute). The burst therefore does not lower the rate afterwards; the sustained rate stays at 3 per minute, and the burst only determines how many attempts can arrive back to back. Two things to keep in mind: the rule only accepts, so it needs a DROP policy on INPUT (or a following rule that drops the remaining SSH SYNs) to have any effect, and --syn (or -m state --state NEW) is needed so that only connection attempts are counted; without it the packets of an already established SSH session would be rate limited as well, unless the ! --syn accept rule above is in place.
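To see what these matches actually do to a stream of connection attempts, here is an added example (not from the original post) that re-implements the verdict logic of both -m limit and the two-rule -m recent pattern from the previous section as plain shell functions and runs them over a constructed list of SYN arrival times from one source. The function names and the sample timestamps are my own; the logic follows the xt_limit token bucket and the recent module's --update/--rcheck semantics, both of which it serves as the example for.

```shell
#!/bin/sh
# Added example, not from the original post: reproduce the verdicts that
# "-m limit --limit RATE/minute --limit-burst BURST" and the two-rule
# "-m recent --update|--rcheck --seconds N" / "--set" pattern give to a
# sequence of new SSH connections from one IP, so the real rates can be
# checked offline. Timestamps are constructed sample data in whole seconds.

# Token bucket as used by xt_limit: credit is kept in sixtieths of a
# connection so a per-minute rate refills in integer arithmetic. The bucket
# starts full (BURST connections), refills RATE per 60 s and never exceeds
# BURST. Prints one "time:VERDICT" line per attempt.
limit_simulate() {
    rate=$1; burst=$2; shift 2
    cap=$((burst * 60)); credit=$cap; last=0
    for t in "$@"; do
        credit=$((credit + (t - last) * rate))
        [ "$credit" -gt "$cap" ] && credit=$cap
        last=$t
        if [ "$credit" -ge 60 ]; then
            credit=$((credit - 60)); echo "$t:ACCEPT"
        else
            echo "$t:DROP"
        fi
    done
}

# The two-rule recent pattern: an attempt from an address last seen within
# WINDOW seconds is dropped, otherwise the address is (re)recorded by --set
# and the attempt accepted. MODE is "update" (a dropped attempt refreshes the
# "last seen" time, as the post's rule does) or "rcheck" (it does not).
recent_simulate() {
    mode=$1; window=$2; shift 2
    last=""          # empty: address not in the list yet
    for t in "$@"; do
        if [ -n "$last" ] && [ $((t - last)) -le "$window" ]; then
            [ "$mode" = update ] && last=$t
            echo "$t:DROP"
        else
            last=$t; echo "$t:ACCEPT"
        fi
    done
}

# Number of accepted attempts for a scenario, e.g.
#   accepted limit_simulate 3 2 0 1 2 20
accepted() { "$@" | grep -c ACCEPT; }

# Demo: one source retrying every 10 s for a minute.
echo "limit 3/minute burst 2:"; limit_simulate 3 2 0 10 20 30 40 50 60
echo "recent --update 15 s:";   recent_simulate update 15 0 10 20 30 40 50 60
echo "recent --rcheck 15 s:";   recent_simulate rcheck 15 0 10 20 30 40 50 60
```

Running the demo shows five accepts out of seven attempts spaced 10 s apart for --limit 3/minute --limit-burst 2 (two from the burst, then one every 20 s, so the sustained rate is 3 per minute, not 1), that --update keeps a client retrying every 10 s locked out for the whole minute after its first connection, and that --rcheck lets it back in at the first attempt more than 15 s after the last accepted one.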