DaniWeb IT Discussion Community

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Network Security (http://www.daniweb.com/forums/forum167.html)
-   -   iptables port connection limit rule (http://www.daniweb.com/forums/thread149649.html)

shwick Oct 7th, 2008 2:07 am
iptables port connection limit rule
 
I want two create two iptables rules:

1) A connection to port 22 can only be made once every 60 seconds per IP.
2) There can only be 1 new connection to port 22 every minute with a burst of 10, regardless of IP.

The first two lines enforce rule 1).

iptables -A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --update --seconds 60 --hitcount 2 -j DROP

The next one enforces rule 2).

iptables -A INPUT -p tcp --dport 22 -i eth1 -m limit --limit 1/minute --limit-burst 10 -j ACCEPT

I would rather have the --limit rule first, but I haven't found a way for it to say, "continue to the next rule if true, drop if false". Then if someone does a DDOS attack with a big botnet the packets will get dropped before going through two rules.

Ideally:

iptables -A INPUT -p tcp --dport 22 -i eth1 -m limit --limit 1/minute --limit-burst 10 -j "continue to the next rule if true, drop if false"
iptables -A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --update --seconds 60 --hitcount 2 -j DROP
iptables -A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -j ACCEPT


All times are GMT -4. The time now is 3:19 am.

Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC