[Gllug] iptables: conditional rate limiting
Alain Williams
addw at phcomp.co.uk
Fri Feb 13 15:35:32 UTC 2009
I currently rate limit new connections to ssh using iptables.
What I should really be doing is to rate limit *failed* connections.
I would then like to extend this to imaps & maybe others.
Any idea how this could be done?
I currently do this:
iptables -A In_ssh -m recent -m state --state NEW --hitcount 3 --seconds 180 --update -j DROP
iptables -A In_ssh -m recent -m state --set --state NEW -j ACCEPT
iptables -A In_ssh -j DROP
In_ssh is a special table to which ssh connections go:
iptables -A In_tcp -p TCP --dport ssh -j In_ssh # Process specially
--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
Past chairman of UKUUG: http://www.ukuug.org/
#include <std_disclaimer.h>
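The same "recent"-match pattern as the rules above, generalised to several services with one named list per service, as an added example that is not from the original post. The chain names In_tcp, In_ssh and In_imaps, the port 993 for imaps, and the hitcount/seconds values are assumptions; IPTABLES defaults to "echo iptables" so the script is a dry run until it is set to the real binary. The caveat stands: the recent match counts connection attempts, not authentication failures, so it cannot on its own do what the post asks for.

```shell
#!/bin/sh
# Added example, not from the original post: builds one rate-limiting chain
# per TCP service using the iptables "recent" match (the pattern the post
# uses for ssh), with a separate named list per service so that ssh and
# imaps attempts are counted independently.
# IPTABLES defaults to a dry run that prints the commands; run as root with
# IPTABLES=iptables to apply them.  Chain names, ports and thresholds below
# are assumptions.

IPTABLES="${IPTABLES:-echo iptables}"

# rate_limit_chain SERVICE PORT HITCOUNT SECONDS
# Creates chain In_SERVICE: a source that has opened HITCOUNT or more new
# connections within the last SECONDS seconds is dropped (and its timestamp
# refreshed, so a client that keeps hammering stays blocked); otherwise the
# new connection is recorded in the list named SERVICE and accepted.
# Note: this only sees connection attempts; the kernel cannot tell a failed
# login from a successful one, so legitimate busy clients are limited too.
rate_limit_chain() {
    svc=$1; port=$2; hits=$3; secs=$4
    chain="In_$svc"
    $IPTABLES -N "$chain"
    # Tracked source at or over the threshold: refresh its entry and drop.
    $IPTABLES -A "$chain" -m state --state NEW \
        -m recent --name "$svc" --update --seconds "$secs" --hitcount "$hits" -j DROP
    # Under the threshold: record this attempt and let it through.
    $IPTABLES -A "$chain" -m state --state NEW \
        -m recent --name "$svc" --set -j ACCEPT
    # Anything else reaching this chain is dropped, as in the post's ruleset.
    $IPTABLES -A "$chain" -j DROP
    # Route the service's port to its chain (In_tcp is assumed to exist).
    $IPTABLES -A In_tcp -p tcp --dport "$port" -j "$chain"
}

# show_tracked SERVICE
# Prints the addresses currently held in a service's recent list.  Newer
# kernels expose the lists under /proc/net/xt_recent, older ones under
# /proc/net/ipt_recent; whichever exists is used.  Returns 0 either way.
show_tracked() {
    for dir in /proc/net/xt_recent /proc/net/ipt_recent; do
        if [ -r "$dir/$1" ]; then
            cat "$dir/$1"
        fi
    done
    return 0
}

# Dry-run demonstration: ssh on 22, imaps on 993 (assumed thresholds).
rate_limit_chain ssh 22 3 180
rate_limit_chain imaps 993 5 300
```

With the default dry run the script prints the five iptables commands per service; after applying them for real, `show_tracked ssh` lists the sources currently being counted, which is the quickest way to confirm the list is filling as expected before tightening the thresholds.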
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug