iptables port connection limit rule
I want to create two iptables rules:
1) A connection to port 22 can only be made once every 60 seconds per IP.
2) There can only be 1 new connection to port 22 every minute with a burst of 10, regardless of IP.
The first two lines enforce rule 1).
iptables -A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --update --seconds 60 --hitcount 2 -j DROP
The next one enforces rule 2).
iptables -A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m limit --limit 1/minute --limit-burst 10 -j ACCEPT   # --state NEW so packets of already-established sessions do not consume the bucket
I would rather have the --limit rule first, but I haven't found a way for it to say, "continue to the next rule if true, drop if false". Then if someone does a DDoS attack with a big botnet the packets will get dropped before going through two rules.
Ideally:
iptables -A INPUT -p tcp --dport 22 -i eth1 -m limit --limit 1/minute --limit-burst 10 -j "continue to the next rule if true, drop if false"
iptables -A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --update --seconds 60 --hitcount 2 -j DROP
iptables -A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -j ACCEPT
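iptables does have the "continue to the next rule if under the limit, drop otherwise" construct the post is looking for: put the global --limit check in a user-defined chain whose first rule RETURNs on match and whose second rule DROPs everything else. RETURN hands the packet back to INPUT at the rule after the jump, so the per-source -m recent rules only see traffic that already passed the global bucket. The script below is an added example, not code from the original post. The chain name SSH_GLOBAL, the recent list name SSH and the dry-run echo wrapper are assumptions; eth1 is the interface from the post; -m conntrack --ctstate NEW is used in place of the older -m state --state NEW (equivalent here). The hashlimit function at the end goes beyond the post and shows rule 1 as a per-source token bucket instead of a recent list.

```shell
#!/bin/sh
# Added example, not from the original post: SSH rate limiting with the
# global --limit check first. A user-defined chain gives the missing
# "continue to the next rule if under the limit, drop otherwise" semantics:
# RETURN hands a matching packet back to INPUT at the rule after the jump.
#
# Assumptions: external interface eth1 (from the post); chain name SSH_GLOBAL
# and recent-list name SSH are arbitrary. Run as root with APPLY=1 to install;
# by default the iptables commands are only printed (dry run).
if [ "${APPLY:-0}" = "1" ]; then IPT=iptables; else IPT="echo iptables"; fi
IFACE="${IFACE:-eth1}"

ssh_ratelimit_rules() {
    # Rule 2 (global): one NEW connection per minute, burst 10, any source.
    # Create the chain; if it already exists, flush it so re-runs are idempotent.
    $IPT -N SSH_GLOBAL || $IPT -F SSH_GLOBAL
    $IPT -A SSH_GLOBAL -m limit --limit 1/minute --limit-burst 10 -j RETURN
    $IPT -A SSH_GLOBAL -j DROP

    # Only NEW SSH connections are sent through the global bucket, so a
    # botnet flood is dropped here before the per-source checks run.
    $IPT -A INPUT -i "$IFACE" -p tcp --dport 22 -m conntrack --ctstate NEW \
        -j SSH_GLOBAL

    # Rule 1 (per source): --set records the source address; --update with
    # --hitcount 2 drops the second NEW connection seen from it within 60 s.
    $IPT -A INPUT -i "$IFACE" -p tcp --dport 22 -m conntrack --ctstate NEW \
        -m recent --name SSH --set
    $IPT -A INPUT -i "$IFACE" -p tcp --dport 22 -m conntrack --ctstate NEW \
        -m recent --name SSH --update --seconds 60 --hitcount 2 -j DROP

    # Whatever survives both checks is accepted.
    $IPT -A INPUT -i "$IFACE" -p tcp --dport 22 -m conntrack --ctstate NEW \
        -j ACCEPT
}

# Alternative for rule 1: hashlimit keeps one token bucket per source address
# (1 token, refilled at 1/minute), which is simpler to reason about than the
# recent timestamp list. Use it instead of the two -m recent rules above.
ssh_per_source_hashlimit() {
    $IPT -A INPUT -i "$IFACE" -p tcp --dport 22 -m conntrack --ctstate NEW \
        -m hashlimit --hashlimit-name ssh_src --hashlimit-mode srcip \
        --hashlimit-above 1/minute --hashlimit-burst 1 -j DROP
}

ssh_ratelimit_rules
```

Without APPLY=1 the script prints the seven iptables commands in the order they would be installed, which is a cheap way to review the ordering before touching a live ruleset. An accept rule for ESTABLISHED,RELATED traffic should sit above these in INPUT so that only new connections are counted. The trade-off of rule 2 is worth stating: a global bucket of 1/minute with burst 10 means a sustained flood of SYNs locks out every source, the administrator included; the per-source rule alone does not help against a botnet that spends one attempt per address, which is exactly why the global bucket is checked first.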