- /usr/sbin/iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
- /usr/sbin/iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
- This rule will block an IP if it attempts more than 3 connections per minute to SSH. Notice that the state is set to NEW. This means only new connections, not established ones, are impacted. Established connections are the result of a successful SSH authentication, so users who authenticate properly will not be blocked.
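
To see which attempts the pair of rules actually drops, here is a simplified Python model of the `recent` match. It is an added example, not part of the original paste and not kernel code. The addresses and timings are constructed, and the model assumes the per-source timestamp list is never truncated.

```python
from collections import defaultdict

SECONDS, HITCOUNT = 60, 4  # --seconds 60 --hitcount 4, as in the rules above

def simulate(attempts, update_first=True):
    """Simplified model of the two 'recent' rules (not kernel code).

    attempts: (time_in_seconds, source_ip) pairs, one per NEW packet to port 22.
    update_first=True is the order the two -I commands produce, because each
    -I INPUT puts its rule at the top of the chain.
    Returns a list of (time, ip, "PASS" | "DROP").
    """
    stamps = defaultdict(list)  # per-source timestamps, like the module's list

    def rule_set(t, ip):  # -m recent --set (no target, so it never drops)
        stamps[ip].append(t)
        return False

    def rule_update(t, ip):  # -m recent --update ... -j DROP
        seen = stamps.get(ip)
        if not seen:
            return False  # source not in the list yet: no match
        hits = sum(1 for s in seen if t - s <= SECONDS)
        if hits < HITCOUNT:
            return False
        seen.append(t)  # a matching --update refreshes the entry
        return True

    chain = [rule_update, rule_set] if update_first else [rule_set, rule_update]
    verdicts = []
    for t, ip in sorted(attempts):
        # any() stops at the first rule that drops, like chain traversal
        dropped = any(rule(t, ip) for rule in chain)
        verdicts.append((t, ip, "DROP" if dropped else "PASS"))
    return verdicts

def first_dropped(attempts, ip, update_first=True):
    """1-based index of the first dropped attempt from ip, or None."""
    mine = [v for (_, src, v) in simulate(attempts, update_first) if src == ip]
    return mine.index("DROP") + 1 if "DROP" in mine else None

# Constructed sample: one noisy source, one normal user (documentation addresses)
SAMPLE = [(t, "203.0.113.7") for t in (0, 5, 10, 15, 20, 25, 200)] + \
         [(0, "198.51.100.2"), (30, "198.51.100.2")]

if __name__ == "__main__":
    for order in (True, False):
        print("update rule first:" if order else "set rule first:")
        for row in simulate(SAMPLE, order):
            print("  t=%3d %-13s %s" % row)
```

In this model, with the `--update` rule evaluated first (the order two `-I` commands leave behind), the fifth attempt inside the window is the first one dropped; with the `--set` rule evaluated first it is the fourth. Check the resulting order with `iptables -L INPUT -n --line-numbers`.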