[CentOS] iptables rules to limit attack
Andrew Hull
list at racc2000.com
Thu Feb 26 19:41:18 UTC 2009
chloe K wrote:
> Thank you
>
> Can I know how to define the "SSH_CHECK"
> and white list?
>
> I only know to use iptables -A
>
> Thank you
>
Hello,
When you're entering the rules from the CLI, the first time you
reference a chain, you need to use -N (for "new") instead of -A (for
"append").
So, using my example....
#iptables -N SSH_CHECK
#iptables -A SSH_CHECK -s *WHITELIST ADDRESSES* -j ACCEPT
#iptables -A SSH_CHECK -m recent --set --name SSH --rsource
and so on.
I use the first line of the SSH_CHECK chain to keep from accidentally
locking myself out of my server.
If, for instance, I have control and trust over a particular IP address
or subnet, I can use the first line to exclude them from being
rate-limited...
#iptables -N SSH_CHECK
#iptables -A SSH_CHECK -s 127.219.24.149 -j ACCEPT
or
#iptables -A SSH_CHECK -s 127.247.67.0/24 -j ACCEPT
(ip addresses changed to protect the innocent)
I think that'll do you,
Andy
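Added example (not Andy's own script, and not part of the original thread): a small POSIX shell function that emits the complete SSH_CHECK chain as iptables commands, so it can be reviewed before being run as root. It follows the pattern from the thread: `-N` creates the empty chain (it takes no match or target options), the whitelisted sources are accepted first, and everyone else is tracked by the `recent` module. The whitelist addresses, the SSH port 22, and the 4-hits-in-60-seconds threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# gen_ssh_check WHITELIST_ADDRESS... -> prints the iptables commands that
# build the SSH_CHECK chain and hook it into INPUT for new SSH connections.
# Nothing is executed here; pipe the output to sh as root once it looks right.
gen_ssh_check() {
    # Create the user chain. -N only names the chain; matches go on -A lines.
    printf 'iptables -N SSH_CHECK\n'

    # Whitelisted sources (assumed values supplied by the caller) are accepted
    # before any rate-limit bookkeeping, so an admin cannot lock himself out.
    for src in "$@"; do
        printf 'iptables -A SSH_CHECK -s %s -j ACCEPT\n' "$src"
    done

    # Drop a source already recorded 4 or more times in the last 60 seconds
    # (threshold is an assumption); --update refreshes its timestamp as well.
    printf 'iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP\n'

    # Everyone else: record the source address in the SSH list and accept.
    printf 'iptables -A SSH_CHECK -m recent --set --name SSH --rsource -j ACCEPT\n'

    # Send only new inbound SSH connections through the chain (port 22 assumed).
    printf 'iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH_CHECK\n'
}

# Usage: RFC 5737 documentation addresses stand in for the real whitelist.
gen_ssh_check 192.0.2.10 198.51.100.0/24
```

Review the output, then apply it with `gen_ssh_check <addresses> | sudo sh`. The current contents of the list can be inspected in `/proc/net/xt_recent/SSH` to check who is being tracked; `--rsource` is the module default and is kept only for clarity.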