iptables port connection limit rule
I want to create two iptables rules:
1) A connection to port 22 can only be made once every 60 seconds per IP.
2) There can only be 1 new connection to port 22 every minute with a burst of 10, regardless of IP.
The first two lines enforce rule 1).
iptables -A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --update --seconds 60 --hitcount 2 -j DROP
The next one enforces rule 2).
iptables -A INPUT -p tcp --dport 22 -i eth1 -m limit --limit 1/minute --limit-burst 10 -j ACCEPT
I would rather have the --limit rule first, but I haven't found a way for it to say, "continue to the next rule if true, drop if false". Then if someone does a DDOS attack with a big botnet the packets will get dropped before going through two rules.
Ideally:
iptables -A INPUT -p tcp --dport 22 -i eth1 -m limit --limit 1/minute --limit-burst 10 -j "continue to the next rule if true, drop if false"
iptables -A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --update --seconds 60 --hitcount 2 -j DROP
iptables -A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -j ACCEPT
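One way to get the "continue if the limit still has tokens, drop otherwise" ordering the post asks for is to put the global -m limit rule first and have it jump to a user-defined chain that holds the per-IP "recent" check; a packet that is not passed by the limit match simply falls through to a DROP rule. The script below is an added example, not code from the original post. The chain name SSH_PER_IP, the recent list name SSH, and the DRY_RUN variable are my own choices; the interface eth1, port 22, the 60-second/2-hit window and the 1/minute burst 10 bucket are taken from the post. DRY_RUN defaults to 1 so the script prints the commands; set DRY_RUN=0 to apply them as root.

```shell
#!/bin/sh
# Added example: global connection-rate limit first, then per-source-IP limit,
# using a user-defined chain so that "limit passed" means "continue" and
# "limit exhausted" means "drop". Chain/list names and DRY_RUN are assumptions.

# Wrapper: print the command when DRY_RUN=1 (default), otherwise run iptables.
ipt() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Build the rule set for one interface and port (defaults match the post).
ssh_ratelimit_rules() {
    iface="${1:-eth1}"
    port="${2:-22}"

    # User-defined chain with the per-source-IP check (rule 1 in the post).
    ipt -N SSH_PER_IP 2>/dev/null || ipt -F SSH_PER_IP
    # Record the source of every new connection that reaches this chain.
    ipt -A SSH_PER_IP -m recent --name SSH --set
    # Drop a source seen twice (this packet included) within 60 seconds.
    # --update also refreshes the timestamp, so a source that keeps retrying
    # stays blocked until it has been quiet for a full 60 seconds.
    ipt -A SSH_PER_IP -m recent --name SSH --update --seconds 60 --hitcount 2 -j DROP
    # Anything else in this chain is a permitted new connection.
    ipt -A SSH_PER_IP -j ACCEPT

    # Rule 2 in the post, placed first: while the token bucket (1/minute,
    # burst 10) still has tokens the packet is handed to SSH_PER_IP; when it
    # is exhausted the limit match fails and the next rule drops the packet,
    # so a flood never reaches the recent-list bookkeeping.
    ipt -A INPUT -p tcp --dport "$port" -i "$iface" -m state --state NEW \
        -m limit --limit 1/minute --limit-burst 10 -j SSH_PER_IP
    ipt -A INPUT -p tcp --dport "$port" -i "$iface" -m state --state NEW -j DROP
}

# Usage: DRY_RUN=1 ./ssh_ratelimit.sh eth1 22   (print)
#        DRY_RUN=0 ./ssh_ratelimit.sh eth1 22   (apply, as root)
ssh_ratelimit_rules "$@"
```

Two things worth keeping in mind with this layout. Only NEW packets are matched, so ESTABLISHED traffic must be accepted by another rule earlier in INPUT or it will hit the default policy. And the global DROP is deliberately blunt: once the bucket is empty, every new SSH connection is refused, legitimate ones included, until tokens refill at 1/minute, which is the trade-off the post accepts in exchange for cheap rejection under a flood.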