
BlockSSHD version 0.5 released (SourceForge)


Posted Jul 20, 2006 14:50 UTC (Thu) by fm2503 (guest, #2776)
In reply to: BlockSSHD version 0.5 released (SourceForge) by nix
Parent article: BlockSSHD version 0.5 released (SourceForge)

Still it can get annoying even if you don't have password authentication turned on. iptables can do this quite neatly without the need to monitor logfiles. I use:
#!/bin/sh
# Packets of SSH connections that were already accepted need no further checks.
iptables -A INPUT -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
# The local LAN and one trusted Internet host are never rate-limited.
iptables -A INPUT -p tcp -s My.local.Lan.0/24 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s Trusted.Internet.Machine --dport 22 -j ACCEPT
# Everyone else: at most 3 new connections per minute (burst of 3); the limit
# match keeps one token bucket per rule, so this budget is shared by all sources.
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
# Anything left over (new connections above the limit) is logged, then dropped.
iptables -A INPUT -p tcp --dport 22 -j LOG --log-prefix SSHBRUTE
iptables -A INPUT -p tcp --dport 22 -j DROP
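The limit match used above counts new connections from every source against one shared bucket. The script below is an added example, not the poster's, that does the same gating per source address with the iptables recent match and keeps the rules in their own chain so they can be reloaded without touching the rest of INPUT. The LAN prefix, trusted host and port are placeholder assumptions; set IPT=echo to print the rules instead of loading them, and run it as root with the argument apply to install them.

```shell
#!/bin/sh
# Added example (not the poster's script): per-source SSH rate limiting
# with the "recent" match. Assumed placeholder values below; override
# them in the environment. IPT=echo prints the rules instead of loading them.
IPT="${IPT:-iptables}"
LAN="${LAN:-192.0.2.0/24}"            # hypothetical local LAN
TRUSTED="${TRUSTED:-198.51.100.7}"    # hypothetical trusted Internet host
SSH_PORT="${SSH_PORT:-22}"

ssh_guard_rules() {
    # Dedicated chain; creating it fails harmlessly if it already exists,
    # and flushing it makes the script safe to re-run.
    $IPT -N SSHGUARD 2>/dev/null || true
    $IPT -F SSHGUARD
    # Packets of connections that were already accepted pass straight through.
    $IPT -A SSHGUARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Trusted sources are never rate-limited.
    $IPT -A SSHGUARD -s "$LAN" -j ACCEPT
    $IPT -A SSHGUARD -s "$TRUSTED" -j ACCEPT
    # Record the source of every new connection in the "sshguard" list.
    $IPT -A SSHGUARD -m state --state NEW -m recent --name sshguard --set
    # A source with 4 or more new connections in the last 60 seconds is
    # logged (rcheck only tests the list) and then dropped (update also
    # refreshes its timestamp, so a persistent attacker stays blocked).
    # Unlike -m limit, the count is kept per source address.
    $IPT -A SSHGUARD -m state --state NEW -m recent --name sshguard \
        --rcheck --seconds 60 --hitcount 4 -j LOG --log-prefix "SSHBRUTE "
    $IPT -A SSHGUARD -m state --state NEW -m recent --name sshguard \
        --update --seconds 60 --hitcount 4 -j DROP
    # New connections under the threshold are accepted; anything else
    # (e.g. INVALID) returns to INPUT for the normal rules to handle.
    $IPT -A SSHGUARD -m state --state NEW -j ACCEPT
    # Send inbound SSH through the chain; delete any existing jump first
    # so re-running the script does not add a duplicate.
    $IPT -D INPUT -p tcp --dport "$SSH_PORT" -j SSHGUARD 2>/dev/null || true
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -j SSHGUARD
}

if [ "${1:-}" = "apply" ]; then
    ssh_guard_rules
fi
```

The recent list holds 100 source addresses with 20 timestamps each by default (the xt_recent module parameters ip_list_tot and ip_pkt_list_tot), which is ample for a hitcount of 4; raise them if you want a longer window on a busy host.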



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.