Iptables tips and tricks

From LinuxReviews

Jump to: navigation, search

[edit] Limiting the number of connections

If you are using SSH then you will sooner or later notice someone trying to hack into your box using dictionary attacks.

You can use the iptables module recent to limit a minimum time between new connections from the same IP.

To make this work, you should have this commonly used rule (this allows previously established connections and is a normal rule in most firewalls): 

 iptables -A INPUT -j ACCEPT -p tcp ! --syn -s 0/0 -d (outer ip/net)

Now, to set the limit: 

 iptables -A INPUT -p tcp -i eth0 -m state --state NEW --dport 22 -m recent --update --seconds 15 -j DROP
 iptables -A INPUT -p tcp -i eth0 -m state --state NEW --dport 22 -m recent --set -j ACCEPT

These two rules makes iptables require 15 seconds between new connections from the same IP on port 22 (the SSH port). Use ACCEPT instread if you are using a firewall that has it's own rule for accepting ssh.

Another way of limiting dictionary attacks is to limit using -m limit --limit <rate> like this: 

 iptables -A INPUT -p tcp --dport ssh -m limit --limit 3/minute --limit-burst 2 -j ACCEPT

This rule does the trick of setting a limit of 3 connectoins pr minute, but the first two connections will exhaust the limit-burst, so the rule effectively limits the connection attempt rate to 1/minute.

Retrieved from "http://en.linuxreviews.org/Iptables_tips_and_tricks"
Personal tools
Privacy policy
linux events
ipv6

Meet New People

Live Webcams

Linux Reviews
IPv6

Search:

linux newz | random page | poetry | free blog | adult dating

You are using a insecure IPv4 connection. Click here to enable SSL encryption..
You can also connect secure and anonymously if you are using Tor.