There are articles (such as this one) that suggest iptables rules of the following form to block too many SSH connections made in a short time:
-I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
-I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
According to the article, "[these rules] will block an IP if it attempts more than 3 new connections per minute to SSH."
If the iptables INPUT chain is configured with a default policy of DROP, will the following single rule behave equivalently to the two rules shown above?
-I INPUT -p tcp --dport 22 -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 1 -j ACCEPT