Hello!
I need help!
I have a WL-500gP v2 router.
I need secure iptables rules.
Every day somebody tries to log in or connect to my server.
I have 2 ideas:
- 3 attempts, the next one is blocked, logged to a blacklist, and no more connections from that IP.
- 3 attempts, the next one is blocked for 3 minutes, logged to a blacklist, and then you can try again.
Please help me!
Thanks
Please do not think of a very difficult solution.
I have these firewall rules, but they do not work:
1,
iptables -A INPUT -p tcp --dport 22 -s 192.168.1.107 -j ACCEPT
iptables -A INPUT -i $EXT_IF -d IPCIMED -p tcp --dport 22 -m recent --rcheck --seconds 60 --hitcount 6 --name SSH -j LOG --log-prefix "SSH_BruteForce "
iptables -A INPUT -i $EXT_IF -d IPCIMED -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 6 --name SSH -j DROP
iptables -A INPUT -i $EXT_IF -d IPCIMED -p tcp --syn --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT
2,
iptables -N SSHSCAN
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN
iptables -A SSHSCAN -m recent --set --name SSH
iptables -A SSHSCAN -m recent --update --seconds 300 --hitcount 3 --name SSH -j DROP
Can anybody help?
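
The two ideas in the post, written with the same `recent` match the posted rules use, as an added example that is not part of the original post: a shell function that prints the rules for review instead of applying them. The function name `ssh_limit_rules` and its arguments are assumptions made for this example; the chain name SSHSCAN, the list name SSH and the log prefix are taken from the post.

```shell
#!/bin/sh
# Added example: PRINTS iptables commands, it does not apply them.
# usage: ssh_limit_rules MAX_TRIES BLOCK_SECONDS [PORT]
#   BLOCK_SECONDS > 0  idea 2: drop while the source has made more than
#                      MAX_TRIES new connections in the last BLOCK_SECONDS
#   BLOCK_SECONDS = 0  idea 1: no time window, the source stays dropped
#                      for as long as its entry remains in the recent list
ssh_limit_rules() {
    tries=$1; secs=$2; port=${3:-22}
    for n in "$tries" "$secs" "$port"; do
        case $n in
            ''|*[!0-9]*|0?*)
                echo "usage: ssh_limit_rules MAX_TRIES BLOCK_SECONDS [PORT]" >&2
                return 1 ;;
        esac
    done
    hit=$((tries + 1))   # the attempt after MAX_TRIES is the first one dropped
    # Assumption: the recent module keeps 20 timestamps per address (its
    # default ip_pkt_list_tot); a larger --hitcount is rejected or never matches.
    if [ "$tries" -lt 1 ] || [ "$hit" -gt 20 ]; then
        echo "MAX_TRIES must be between 1 and 19" >&2
        return 1
    fi
    if [ "$secs" -gt 0 ]; then
        cond="--rcheck --seconds $secs --hitcount $hit"
    else
        cond="--rcheck --hitcount $hit"
    fi
    m="-m recent --name SSH"
    echo "iptables -N SSHSCAN"
    # Only new connections to the port are counted; established ones are not.
    echo "iptables -A INPUT -p tcp --dport $port -m state --state NEW -j SSHSCAN"
    # Record every attempt, including the ones dropped below.
    echo "iptables -A SSHSCAN $m --set"
    # Log, then drop, sources over the limit (--rcheck: --set already counted).
    echo "iptables -A SSHSCAN $m $cond -j LOG --log-prefix \"SSH_BruteForce \""
    echo "iptables -A SSHSCAN $m $cond -j DROP"
    # Packets that reach the end of SSHSCAN return to INPUT, where the
    # existing rules or policy decide whether the connection is accepted.
}

# Demo: idea 2 from the post (3 attempts, then blocked for 3 minutes).
ssh_limit_rules 3 180
```

To apply the rules, run the printed commands as root, and place the jump to SSHSCAN before any existing rule that already accepts the port.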