<DIV>Thank you</DIV> <DIV> </DIV> <DIV>Can I know how to define "SSH_CHECK"</DIV> <DIV>and the whitelist?</DIV> <DIV> </DIV> <DIV>I only know how to use iptables -A</DIV> <DIV> </DIV> <DIV>Thank you<BR><BR><B><I>Andrew Hull <list@racc2000.com></I></B> wrote:</DIV> <BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">chloe K wrote:<BR>> Hi all<BR>> <BR>> Are there iptables rules to limit attacks?<BR>> <BR>> Thank you<BR>> <BR><BR>Hi,<BR>Below is an example that I use to limit the rate of new connections to a particular port/service. You should be able to mold this to work with whatever service you would like to protect.<BR><BR>Add the first line to your main input chain. This will limit new connections to tcp/22 to a rate of 4/minute/unique IP.<BR><BR>Another benefit for me is that this uses the modules that come with the CentOS stock kernel... no extra mussing to get it to work.<BR><BR>Andy<BR><BR><BR># iptables-save format (e.g. /etc/sysconfig/iptables): one rule per line, no continuation characters<BR># declare the chain first: "iptables -N SSH_CHECK", or ":SSH_CHECK - [0:0]" in the filter table header<BR><BR># hand every NEW connection to tcp/22 to the SSH_CHECK chain<BR>-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j SSH_CHECK<BR><BR># whitelisted sources are accepted before any counting happens<BR>-A SSH_CHECK -s *WHITELIST ADDRESSES* -j ACCEPT<BR># record this source in the "SSH" recent list<BR>-A SSH_CHECK -m recent --set --name SSH --rsource<BR># 4 or more hits from the same source within 60 seconds: log, then drop<BR>-A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j LOG --log-prefix "SSH Drop "<BR>-A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP<BR># anything under the limit is allowed through<BR>-A SSH_CHECK -j ACCEPT<BR>_______________________________________________<BR>CentOS mailing list<BR>CentOS@centos.org<BR>http://lists.centos.org/mailman/listinfo/centos<BR></BLOCKQUOTE><BR><p>
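The question above is how the SSH_CHECK chain and its whitelist are actually created. The script below is an added example, not code from the list post: it builds the same chain with plain <code>iptables</code> commands (<code>iptables -N</code> defines the user chain the posted rules jump to) rather than the iptables-save format Andy quoted. The whitelist addresses 192.0.2.10 and 198.51.100.0/24, the chain name RH-Firewall-1-INPUT and the function names are assumptions for illustration; substitute your own. It needs the <code>recent</code> and <code>state</code> match modules and root to apply.

```shell
#!/bin/sh
# Added example: define the SSH_CHECK chain and whitelist with iptables commands.
# Assumed values (replace with your own):
WHITELIST="${WHITELIST:-192.0.2.10 198.51.100.0/24}"   # RFC 5737 documentation addresses, placeholders only
SSH_PORT="${SSH_PORT:-22}"
WINDOW=60       # seconds the recent list looks back
HITCOUNT=4      # --set runs first, so the 4th NEW connection in the window from one source is dropped

# Print the iptables commands for the SSH_CHECK chain; $1 is the chain that should jump to it.
ssh_check_rules() {
    chain="${1:-INPUT}"
    # create the user-defined chain (ignore "already exists") and start from an empty chain
    echo "iptables -N SSH_CHECK 2>/dev/null || true"
    echo "iptables -F SSH_CHECK"
    # whitelist: trusted sources are accepted before being counted
    for ip in $WHITELIST; do
        echo "iptables -A SSH_CHECK -s $ip -j ACCEPT"
    done
    # record every other source in the "SSH" recent list
    echo "iptables -A SSH_CHECK -m recent --set --name SSH --rsource"
    # at HITCOUNT or more hits within WINDOW seconds: log (rate-limited so the log cannot be flooded), then drop
    echo "iptables -A SSH_CHECK -m recent --update --seconds $WINDOW --hitcount $HITCOUNT --name SSH --rsource -m limit --limit 3/min -j LOG --log-prefix \"SSH Drop \""
    echo "iptables -A SSH_CHECK -m recent --update --seconds $WINDOW --hitcount $HITCOUNT --name SSH --rsource -j DROP"
    # anything under the limit is allowed
    echo "iptables -A SSH_CHECK -j ACCEPT"
    # hook NEW connections to the SSH port into the chain; insert at the top so a
    # trailing reject-all rule in $chain cannot shadow it, removing any earlier copy first
    echo "iptables -D $chain -p tcp --dport $SSH_PORT -m state --state NEW -j SSH_CHECK 2>/dev/null || true"
    echo "iptables -I $chain 1 -p tcp --dport $SSH_PORT -m state --state NEW -j SSH_CHECK"
}

# Run the generated commands (root only); stops at the first failing command.
apply_ssh_check() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_ssh_check: must run as root" >&2
        return 1
    fi
    ssh_check_rules "$@" | sh -e
}

# Usage: sh ssh_check.sh          -> print the rules for review
#        sh ssh_check.sh --apply  -> install them (root)
if [ "${1:-}" = "--apply" ]; then
    apply_ssh_check RH-Firewall-1-INPUT
else
    ssh_check_rules RH-Firewall-1-INPUT
fi
```

Review the printed rules before applying; on a CentOS box using the stock RH-Firewall-1-INPUT chain, also check that the source list is still visible afterwards with <code>cat /proc/net/ipt_recent/SSH</code> (or <code>/proc/net/xt_recent/SSH</code> on newer kernels) to confirm the counting is working, and remember that rules added this way are lost on reboot unless saved with <code>service iptables save</code>.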