Sunday, October 8, 2017

linux - how to limit traffic if port different than 8080?




I'm using this rules to slow down nmap scan



iptables -A INPUT -p tcp -i eth0 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp -i eth0 -m state --state NEW -m recent --update --seconds 30 --hitcount 10 -j DROP
iptables -A FORWARD -p tcp -i eth0 -m state --state NEW -m recent --set
iptables -A FORWARD -p tcp -i eth0 -m state --state NEW -m recent --update --seconds 30 --hitcount 10 -j DROP


It works well , but the port 8080 have big activity and I want to ignoe it in the hitcount.

I want to have somethingn like that:



iptables -A INPUT -p tcp --dport!=8080 -i eth0 -m state --state NEW -m recent --set



Thanks


Answer



You can do this using either by writing your rules like:



iptables -A INPUT -p tcp -i eth0 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp -i eth0 -m state --state NEW -m recent --update --seconds 30 --hitcount 10 -j DROP

iptables -A FORWARD -p tcp ! --dport 8080 -i eth0 -m state --state NEW -m recent --set
iptables -A FORWARD -p tcp ! --dport 8080 -i eth0 -m state --state NEW -m recent --update --seconds 30 --hitcount 10 -j DROP


or alternatively, you can add new rules for the excluded ports (BEFORE your rules):



iptables -A INPUT -p tcp --dport 8080 -i eth0 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p tcp --dport 8080 -i eth0 -m state --state NEW -j ACCEPT



The second way will make it easier for you to add more exceptions.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...