I need to ensure on my server that maximum new ssh connections per minute are not more than 5.
sudo /sbin/iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 5 -j REJECT
The above iptables rule works for me, but it will not allow new connections after one minute.
Any pointers how to achieve this?
# SSH Anti-Bruteforce
# The ssh-whitelist chain is jumped to below, so it has to exist first;
# trusted sources go into it as "-A ssh-whitelist -s <addr> -j ACCEPT".
/sbin/iptables -N ssh-whitelist
# Next create a limiting rule. I limit to 3 hits in 60 seconds for ssh with this
# --set records every new SSH connection per source address in the "SSH" list
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ssh-whitelist
# --update --hitcount 3 matches once a source has 3 entries within 60 seconds (the
# current connection included); --rttl ignores entries whose TTL differs from this packet's
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j LOG --log-level info --log-prefix "Anti SSH-Bruteforce: "
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP
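As an added example, not part of the answer above, here is a small POSIX shell script that generates the same `-m recent` rule set for the limit the question actually asks for (5 new SSH connections per source address per minute) and consults the whitelist chain before anything is counted. The iptables path and the whitelisted address 192.0.2.10 are assumptions. One detail the rules above rely on: because `--set` runs before `--update`, the current SYN is already in the list when `--update` counts hits, so `--hitcount` has to be one more than the number of connections you want to allow; the script derives that value rather than hard-coding it.

```shell
#!/bin/sh
# Added example: build iptables rules that cap NEW SSH connections per source
# address at LIMIT within WINDOW seconds using xt_recent, plus a whitelist chain.
# Without APPLY=1 the commands are only printed (dry run); with APPLY=1 they are
# executed, which needs root and a not-yet-existing ssh-whitelist chain.

IPTABLES=${IPTABLES:-/sbin/iptables}   # assumed path; override via environment

# hitcount that lets exactly $1 connections through: the --set rule has already
# recorded the current SYN, so the (limit+1)th packet is the first to be dropped.
ssh_rate_limit_hitcount() {
    echo $(( $1 + 1 ))
}

# Print the rules for $1 new connections per $2 seconds, one command per line.
# The whitelist jump comes first so trusted sources are never entered in the list.
# Note: xt_recent keeps 20 timestamps per address by default (ip_pkt_list_tot),
# so hitcount values above 20 need the module loaded with a larger value.
ssh_rate_limit_rules() {
    limit=$1
    window=$2
    hits=$(ssh_rate_limit_hitcount "$limit")
    cat <<EOF
$IPTABLES -N ssh-whitelist
$IPTABLES -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ssh-whitelist
$IPTABLES -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name SSH
$IPTABLES -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds $window --hitcount $hits --rttl --name SSH -j LOG --log-level info --log-prefix "Anti SSH-Bruteforce: "
$IPTABLES -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds $window --hitcount $hits --rttl --name SSH -j DROP
EOF
}

# Print an ACCEPT entry for the whitelist chain (address is an assumed example).
ssh_whitelist_rule() {
    echo "$IPTABLES -A ssh-whitelist -s $1 -j ACCEPT"
}

# Generate the full set: 5 per 60 seconds, with one whitelisted management host.
generate_all() {
    ssh_rate_limit_rules 5 60
    ssh_whitelist_rule 192.0.2.10
}

if [ "${APPLY:-0}" = 1 ]; then
    generate_all | sh -e        # stop at the first failing iptables command
else
    generate_all                # dry run: show what would be installed
fi
```

Run it once as a dry run, check the printed commands, then `APPLY=1 ./ssh-limit.sh` as root. The window is sliding: every `--update` that matches refreshes the timestamp, so a host that keeps retrying stays blocked until it has been quiet for the full 60 seconds.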