Friday, September 25, 2015

linux - Are the following two iptables rules equivalent?

There are articles such as this which suggest something of the form of these iptables rules to block too many SSH connections made in a short time:



-I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
-I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent  --update --seconds 60 --hitcount 4 -j DROP



According to the article, "[these rules] will block an IP if it attempts more than 3 new connections per minute to SSH."



If iptables' INPUT chain is configured to a default policy of DROP, will the following rule perform equivalently as the previously shown rules?



-I INPUT -p tcp --dport 22 -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 1 -j ACCEPT
-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...