limit incoming connections on ssh to no more than 6 attempts/30seconds:
ufw limit in log 22/tcp
---
also, in netfiler parlance:
/sbin/iptables -N LOGDROP
/sbin/iptables -A LOGDROP -j LOG
/sbin/iptables -A LOGDROP -j DROP
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j DROP
No comments:
Post a Comment