"zomg! getting ssh bruteforced! halp!"
"Here! Just add these iptables rules..."
# blacklist chain: record the source in the "blacklist" recent list, then drop the packet
iptables -N blacklist 2>/dev/null
iptables -F blacklist
iptables -A blacklist -m recent --name blacklist --set
iptables -A blacklist -j DROP
# ssh chain: drop any source seen in "blacklist" within the last 320 s (--update also refreshes
# its timestamp); otherwise record the attempt in "count1" and send the source to the blacklist
# chain on its 3rd new connection within 10 s
iptables -N ssh 2>/dev/null
iptables -F ssh
iptables -A ssh -m recent --update --name blacklist --seconds 320 --hitcount 1 -j DROP
iptables -A ssh -m recent --set --name count1
iptables -A ssh -m recent --update --name count1 --seconds 10 --hitcount 3 -j blacklist
iptables -A ssh -j ACCEPT
"Finally, drop it into your INPUT table somewhere:"
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ssh
*shudder*
That sort of stuff makes me cry.
It also makes me happy that I was introduced to pf a few years back.
# macro and table definitions needed for the rules to load; "em0" is an assumed interface name
wan = "em0"
table <abusers> persist
block drop in quick from <abusers> to any
pass in quick on $wan proto tcp to ($wan) port ssh flags S/SA keep state \
    (max-src-conn 2, max-src-conn-rate 3/10, overload <abusers> flush global)
# entries in <abusers> have no timeout; clear old ones with e.g. "pfctl -t abusers -T expire 86400"
Koo koo ka choo!
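To see how the two rule sets actually differ, here is an added Python model (my own code, not from the post's commands or from either firewall) that replays one constructed sequence of SSH connection attempts against both policies. It shows the iptables recent-module ban sliding while a client keeps retrying but lapsing after 320 s of silence, whereas a pf overload entry stays until you expire it; the source addresses and timings are made up.

```python
from collections import defaultdict, deque

class RecentIptables:
    """Model of the iptables rules: count1 reaching 3 hits within 10 s sends the source
    to blacklist; a blacklisted source seen within 320 s of its last hit is dropped and,
    because the rule uses --update, the timestamp is refreshed (the ban slides)."""
    def __init__(self, window=10, hits=3, ban=320):
        self.window, self.hits, self.ban = window, hits, ban
        self.count1 = defaultdict(deque)   # src -> timestamps recorded by --set
        self.blacklist = {}                # src -> last-seen timestamp

    def new_connection(self, src, t):
        last = self.blacklist.get(src)
        if last is not None and t - last <= self.ban:   # --update blacklist --seconds 320
            self.blacklist[src] = t                      # matching refreshes last-seen
            return "DROP"
        self.count1[src].append(t)                       # --set --name count1
        while self.count1[src] and t - self.count1[src][0] > self.window:
            self.count1[src].popleft()                   # keep hits inside --seconds 10
        if len(self.count1[src]) >= self.hits:           # --hitcount 3 -> -j blacklist
            self.blacklist[src] = t                      # blacklist chain: --set, DROP
            return "DROP"
        return "ACCEPT"

class PfOverload:
    """Model of the pf rule: more than 3 new connections from one source within 10 s
    (max-src-conn-rate 3/10) adds it to <abusers>, where it stays until expired.
    The concurrent-state limit (max-src-conn 2) is not modelled."""
    def __init__(self, rate=3, window=10):
        self.rate, self.window = rate, window
        self.recent = defaultdict(deque)   # src -> timestamps of new connections
        self.abusers = set()

    def new_connection(self, src, t):
        if src in self.abusers:
            return "DROP"                                # block drop in quick from <abusers>
        q = self.recent[src]
        q.append(t)
        while q and t - q[0] > self.window:
            q.popleft()
        if len(q) > self.rate:
            self.abusers.add(src)                        # overload <abusers> flush global
            return "DROP"
        return "PASS"

def run_scenario():
    # Constructed attempt log (seconds, source): 10.0.0.9 bursts four attempts, retries
    # at 300 s and 600 s (inside the 320 s window), then stays quiet until 1200 s.
    attempts = [(0, "10.0.0.5"), (1, "10.0.0.9"), (2, "10.0.0.9"), (3, "10.0.0.9"),
                (4, "10.0.0.9"), (60, "10.0.0.5"), (300, "10.0.0.9"), (600, "10.0.0.9"),
                (1200, "10.0.0.9"), (1300, "10.0.0.5")]
    ipt, pf = RecentIptables(), PfOverload()
    return [(t, s, ipt.new_connection(s, t), pf.new_connection(s, t)) for t, s in attempts]
```

Note the two thresholds also differ: iptables drops the 3rd attempt in 10 s, pf the 4th, and at 1200 s iptables lets 10.0.0.9 back in while pf still drops it.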