KGy
30-04-2007, 10:28
Hi. Sorry for my English.
Yesterday somebody tried to log in to my router over SSH. I would like to use iptables to solve this problem.
Drop tcp packets if:
state new
and
time limit: 300 seconds
and
packets: 4 (4 where state=new)
I read this code somewhere, but it is not working:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
iptables: No chain/target/match by that name
I tried to solve the problem:
iptables -I SECURITY -p tcp --dport 22 -i ppp0 -m state --state NEW -m limit --limit 300/second --limit-burst 4 -j DROP
Oleg, please check this: does the command do what I want?
Thanks, George
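
Added example, not part of the original post: a simplified Python model of the two rule sets above, replaying constructed connection attempts to show how a per-source `recent` window (here with the 300 seconds and 4 hits the post asks for) differs from the single shared token bucket of `-m limit`, where `300/second` is a rate and not a 300-second window. The class names, sample addresses and timestamps are assumptions made for illustration, and the model follows the match semantics described in the iptables man page rather than any particular kernel version.

```python
from collections import defaultdict


class RecentMatch:
    """Per-source sliding window, modelling `-m recent` in the order the two
    `-I` commands produce: the --update ... -j DROP rule first, then --set."""

    def __init__(self, seconds, hitcount):
        self.seconds, self.hitcount = seconds, hitcount
        self.stamps = defaultdict(list)  # source address -> timestamps seen

    def verdict(self, src, now):
        hits = sum(1 for t in self.stamps[src] if now - t <= self.seconds)
        # --update refreshes the entry on a match; otherwise --set records it.
        self.stamps[src].append(now)
        return "DROP" if hits >= self.hitcount else "PASS"


class LimitMatch:
    """One token bucket shared by all sources, modelling
    `-m limit --limit R/second --limit-burst B -j DROP`."""

    def __init__(self, per_second, burst):
        self.rate, self.burst = per_second, burst
        self.tokens, self.last = float(burst), 0.0

    def verdict(self, src, now):
        refill = (now - self.last) * self.rate
        self.tokens = min(self.burst, self.tokens + refill)
        self.last = now
        if self.tokens >= 1:   # the rule matches while tokens remain...
            self.tokens -= 1
            return "DROP"      # ...and every matched packet goes to DROP
        return "PASS"          # only traffic above the rate falls through


def replay(rule, events):
    """Return the verdict for each (time, source) NEW connection to port 22."""
    return [rule.verdict(src, t) for t, src in events]


# Constructed sample: one noisy source and one administrator (RFC 5737 addresses).
EVENTS = [(0, "203.0.113.5"), (10, "203.0.113.5"), (20, "203.0.113.5"),
          (25, "198.51.100.7"), (30, "203.0.113.5"), (40, "203.0.113.5"),
          (50, "203.0.113.5")]

if __name__ == "__main__":
    print("recent:", replay(RecentMatch(300, 4), EVENTS))
    print("limit: ", replay(LimitMatch(300, 4), EVENTS))
```

In this model the `recent` rules let four attempts per source through and drop the rest of that source's attempts inside the window, while the `limit` rule drops every new connection from every source, because at this traffic level the bucket is always full.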