Evan Hoffman's silly writings. » firewall http://www.evanhoffman.com/evan When 3-nines uptime is just way too much. Mon, 06 Sep 2010 00:36:39 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 iptables rules for rate-limiting SSH connections http://www.evanhoffman.com/evan/2009/05/11/iptables-rules-for-rate-limiting-ssh-connections/ http://www.evanhoffman.com/evan/2009/05/11/iptables-rules-for-rate-limiting-ssh-connections/#comments Mon, 11 May 2009 20:39:22 +0000 evan http://www.evanhoffman.com/evan/?p=101 This is what I use on my CentOS boxes/VMs, it rate-limits the connections and also rate-limits the log messages (to prevent attacks that attempt to fill up the server’s disk).

iptables -F
iptables -X
iptables -N LOGDROP #Create the LOGDROP chain
iptables -A LOGDROP -m limit --limit 1/s -j LOG --log-prefix "LOGDROP: " # Rate-limit the logging so the logs don't fill up the server
iptables -A LOGDROP -j DROP
iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/16 -j ACCEPT # Allow everything from the internal network
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set # create the "bucket"
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j LOGDROP # if there are more than 4 connection attempts in 60 seconds from a given address, log-drop it.

After issuing these commands I run /etc/init.d/iptables save, that persists the rules to … somewhere. Alternatively I sometimes put all the above commands in some bash script and just call it from /etc/rc.local.

]]> http://www.evanhoffman.com/evan/2009/05/11/iptables-rules-for-rate-limiting-ssh-connections/feed/ 0