[CentOS] iptables rules to limit attack
chloe K
chloekcy2000 at yahoo.ca
Thu Feb 26 18:45:55 UTC 2009
Thank you
Can I know how to define the "SSH_CHECK"
and white list?
I only know to use iptables -A
Thank you
Andrew Hull <list at racc2000.com> wrote:
chloe K wrote:
> Hi all
>
> ks there iptables rules to limit attack?
>
> Thank you
>
Hi,
Below is an example that I use to limit the rate of new connections to a
particular port/service. You should be able to mold this to work with
whatever service you would like to protect.
Add the first line to your main input chain. This will limit new
connections to tcp/22 to a rate of 4/minute/uniqueIP.
Another benefit for me, is that this uses the modules that come with the
CentOS stock kernel... no extra mussing to get it to work.
Andy
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 22 /
--state NEW -j SSH_CHECK
-A SSH_CHECK -s *WHITELIST ADDRESSES* -j ACCEPT
-A SSH_CHECK -m recent --set --name SSH --rsource
-A SSH_CHECK -m recent -j LOG --log-prefix "SSH Drop " /
--update --seconds 60 --hitcount 4 --name SSH --rsource
-A SSH_CHECK -m recent -j DROP --update --seconds 60 --hitcount /
4 --name SSH --rsource
-A SSH_CHECK -j ACCEPT
_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos
---------------------------------
Looking for the perfect gift? Give the gift of Flickr!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20090226/088032fc/attachment.html>
More information about the CentOS
mailing list