Securing SSH access
Chris Carey
chris.carey at gmail.com
Mon Mar 31 17:11:29 MDT 2008
On Mon, Mar 31, 2008 at 4:27 PM, Kyle Waters <unum at unum5.org> wrote:
> Dave Smith wrote:
> >
> > Interesting! Would you be able to post those iptables commands?
>
> I'm afraid I'm lazy and use shorewall. So someone who's better with
> IPTables than I am may be able to post them.
Forgive me if there are any stupid errors here, but something like
this may work. Then again, it may also prevent you from logging into
your server...
# SSH Rate Limiting
iptables -A INPUT -p tcp --dport 22 -m limit --limit 50/s -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m limit --limit 6/m -j LOG --log-prefix "DROP [SSH] "
iptables -A INPUT -p tcp --dport 22 -j DROP
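
Added example, not part of the original message: the `limit` match in the rules above counts every packet to port 22 from all sources together, so this variant throttles new connections per source address with the `recent` match and leaves established sessions alone. The thresholds (HITS, WINDOW), the list name SSH and the APPLY switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original message. Limits NEW connections per
# source address instead of counting every packet to port 22 globally.
# HITS, WINDOW and the list name SSH are assumed values; tune before use.
SSH_PORT="${SSH_PORT:-22}"
HITS="${HITS:-4}"        # assumed: the 4th new connection inside WINDOW is dropped
WINDOW="${WINDOW:-60}"   # assumed: window length in seconds

# Prints the rule set as iptables commands, one per line, in evaluation order.
ssh_ratelimit_rules() {
    m="-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate"
    r="-m recent --name SSH"
    # 1. Established sessions are never throttled, so a working login keeps
    #    working while new attempts are being dropped.
    echo "iptables $m ESTABLISHED,RELATED -j ACCEPT"
    # 2. Record the source address of every new connection attempt.
    echo "iptables $m NEW $r --set"
    # 3. Log sources that are over the threshold (log lines capped at 6/m).
    #    --rcheck only tests the list and does not add a hit.
    echo "iptables $m NEW $r --rcheck --seconds $WINDOW --hitcount $HITS -m limit --limit 6/m -j LOG --log-prefix \"DROP [SSH] \""
    # 4. Drop them; --update also refreshes the entry, so a source that keeps
    #    retrying stays blocked until it is quiet for WINDOW seconds.
    echo "iptables $m NEW $r --update --seconds $WINDOW --hitcount $HITS -j DROP"
    # 5. Everything still here is a new connection under the threshold.
    echo "iptables $m NEW -j ACCEPT"
}

if [ "${APPLY:-0}" = 1 ]; then
    ssh_ratelimit_rules | sh      # needs root; quoting is preserved by sh
else
    ssh_ratelimit_rules           # default: print only, for review
fi
```

Review the printed rules first, then run with APPLY=1 as root while keeping an existing SSH session open to confirm new logins still work.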