[CentOS] iptables rules to limit attack

Thu Feb 26 19:41:18 UTC 2009
Andrew Hull <list at racc2000.com>

chloe K wrote:
> Thank you
>  
> Can I know how to define the "SSH_CHECK"
> and white list?
>  
> I only know to use iptables -A
>  
> Thank you
> 

Hello,
When you're entering the rules from the CLI, the first time you 
reference a chain, you need to use -N (for "new") instead of -A (for 
"append").

So, using my example....

#iptables -N SSH_CHECK
#iptables -A SSH_CHECK -s *WHITELIST ADDRESSES* -j ACCEPT
#iptables -A SSH_CHECK -m recent --set --name SSH --rsource

and so on.

I use the first line of the SSH_CHECK chain to keep from accidentally 
locking myself out of my server.

If, for instance, I have control and trust over a particular IP address 
or subnet, I can use the first line to exclude them from being 
rate-limited...

#iptables -A SSH_CHECK -s 127.219.24.149 -j ACCEPT
or
#iptables -A SSH_CHECK -s 127.247.67.0/24 -j ACCEPT
(ip addresses changed to protect the innocent)

I think that'll do you,
Andy
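A complete version of the SSH_CHECK chain sketched in this thread, added here as an example and not taken from Andy's post: the chain is created with -N (which takes no matches or targets), trusted networks are accepted on the first lines, every other new SSH connection is recorded with -m recent, and a source seen too often in a short window is dropped. The thresholds (5 attempts in 60 seconds), port 22, the example networks 192.0.2.0/24 and 203.0.113.7, and the IPT variable for dry runs are all assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): build the SSH_CHECK chain
# described in the thread, whitelist first, then rate-limit with -m recent.
# IPT defaults to iptables; set IPT=echo to print the rules without applying.
set -eu

IPT="${IPT:-iptables}"

# Usage: ssh_check_rules <trusted-net> [<trusted-net> ...]
# Thresholds (60 seconds, 5 attempts) and port 22 are assumed values.
ssh_check_rules() {
    # -N only creates the chain; it takes no matches or targets.
    $IPT -N SSH_CHECK

    # Whitelist first, so trusted sources are never counted or dropped.
    for net in "$@"; do
        $IPT -A SSH_CHECK -s "$net" -j ACCEPT
    done

    # Remember this source in the "SSH" list (keyed on source address).
    $IPT -A SSH_CHECK -m recent --name SSH --rsource --set

    # Drop if the same source has been seen 5 or more times in 60 seconds.
    # --update refreshes the timestamp, so a source that keeps trying
    # stays blocked until it goes quiet for a full 60 seconds.
    $IPT -A SSH_CHECK -m recent --name SSH --rsource --update \
        --seconds 60 --hitcount 5 -j DROP

    # Anything else is a new connection under the limit; let it through.
    $IPT -A SSH_CHECK -j ACCEPT

    # Hand new inbound SSH connections to the chain. -I puts this ahead of
    # the catch-all REJECT that the default CentOS INPUT chain ends with.
    $IPT -I INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
}

# Apply (or, with IPT=echo, print) when run with networks on the command line.
if [ $# -gt 0 ]; then
    ssh_check_rules "$@"
fi
```

Preview the rules with `IPT=echo sh ssh_check.sh 192.0.2.0/24 203.0.113.7`, then run the same command as root without IPT to load them. Keep the address you are connecting from in the whitelist before you test the limit, otherwise a few quick reconnects will lock you out for the full window.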