fail2ban ??

Corey Edwards tensai at zmonkey.org
Fri Apr 12 10:08:06 MDT 2013


On 04/12/2013 09:25 AM, Michael Torrie wrote:
> iptables itself can also do rate-limiting of connections.  For example,
> here're rules that rate-limit ssh attempts:
> 
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
> 
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
> --update --seconds 60 --hitcount 10 -j LOG --log-prefix "blocked ssh
> after too many connection attempts in 60 seconds."
> 
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
> --update --seconds 60 --hitcount 10 -j DROP
> 
> I'm not entirely sure if this solution is as good as fail2ban, but I've
> used it for a while now on my public-facing server for ssh and DNS.

The primary advantage fail2ban would have over your iptables filters is
being able to differentiate successful and failed logins.

Corey
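The distinction Corey draws above, as an added example that is not code from the thread: a small fail2ban-style filter that counts only "Failed password" lines per source address inside a time window, so successful logins never count toward a ban, unlike the `-m recent` rules, which see every new connection alike. The sample log lines, the assumed year 2013, and the thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd lines in classic syslog format (no year in the stamp;
# the example assumes 2013). Not taken from the mailing-list post.
SAMPLE_LOG = """\
Apr 12 09:30:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Apr 12 09:30:03 host sshd[1203]: Failed password for root from 203.0.113.7 port 50130 ssh2
Apr 12 09:30:05 host sshd[1205]: Failed password for root from 203.0.113.7 port 50131 ssh2
Apr 12 09:30:20 host sshd[1210]: Accepted publickey for corey from 198.51.100.4 port 40000 ssh2
Apr 12 09:30:22 host sshd[1212]: Accepted publickey for corey from 198.51.100.4 port 40001 ssh2
Apr 12 09:30:24 host sshd[1214]: Accepted publickey for corey from 198.51.100.4 port 40002 ssh2
Apr 12 09:45:00 host sshd[1300]: Failed password for root from 203.0.113.7 port 50200 ssh2
"""

# Only failed authentications match; "Accepted ..." lines are ignored entirely.
FAILED = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (?P<ip>[\d.]+) port \d+")


def parse_ts(stamp, year=2013):
    """Turn a year-less syslog timestamp into a datetime (year is assumed)."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def offenders(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return the set of source IPs with >= maxretry failed logins whose
    timestamps all fall within a sliding window of length findtime.
    Successful logins are never counted, which is the point of log parsing
    over a pure connection-rate filter."""
    recent = defaultdict(list)   # ip -> failure timestamps still in window
    banned = set()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ip, ts = m.group("ip"), parse_ts(m.group("ts"))
        # Drop failures older than findtime, then record this one.
        window = [t for t in recent[ip] if ts - t <= findtime] + [ts]
        recent[ip] = window
        if len(window) >= maxretry:
            banned.add(ip)
    return banned
```

With the sample above, three quick failures from 203.0.113.7 trip the ban while 198.51.100.4, which only logged in successfully the same number of times, is untouched; the late fourth failure at 09:45 falls outside the window and would not trip a `maxretry=4` threshold.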



More information about the PLUG mailing list