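# Host firewall for the filter table, in iptables-restore format.
# Inbound and forwarded traffic is denied by default; outbound is unrestricted.
# Prerequisite: the ipset named "ssh22" must already exist when this file is
# loaded, otherwise iptables-restore rejects the rules that reference it.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback is accepted first. When this rule sat at the end of the chain, a
# local connection to tcp/22 put the host's own address into ssh22 and the
# match-set DROP then discarded new loopback traffic.
-A INPUT -i lo -p all -j ACCEPT
# Allowlisted source (address redacted by the author); it bypasses every
# later rule, including the rate limit and the port-22 trap.
-A INPUT -s XXX.XXX.XXX.XXX/32 -j ACCEPT
# Replies to connections this host opened, and packets of accepted sessions.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# Rate limit for tcp/987 (presumably the relocated SSH port, going by the
# list name "ssh"). Both "recent" rules must come BEFORE the ACCEPT for this
# port: ACCEPT ends chain traversal, so with the ACCEPT first the list was
# never populated and the limit never applied.
# Rule 1 records each new connection attempt per source address.
-A INPUT -p tcp -m tcp --dport 987 -m state --state NEW -m recent --set --name ssh --rsource
# Rule 2 drops a source once it has 4 recorded attempts within 300 seconds.
# --update refreshes the timestamp on every hit, so a client that keeps
# retrying stays blocked. The rule has no port match; 80, 443 and ICMP echo
# are accepted above, so in practice it only affects what reaches this point.
-A INPUT -m recent --update --seconds 300 --reap --hitcount 4 --name ssh --rsource -j DROP
-A INPUT -p tcp -m tcp --dport 987 -j ACCEPT
# Port-22 trap: any source that touches tcp/22 is added to the ssh22 set.
-A INPUT -p tcp -m tcp --dport 22 -j SET --add-set ssh22 src
# The LOG rule fires for every packet from a listed source that reaches it;
# add a "-m limit" match if log volume becomes a problem.
-A INPUT -m set --match-set ssh22 src -j LOG --log-prefix "[SSH 22] " --log-level 4
# NOTE(review): at this position the DROP only covers traffic the policy
# would drop anyway, because 80, 443 and 987 are accepted earlier. If listed
# sources should lose access to those ports too, the match-set DROP has to
# move above the ACCEPT rules. Weigh that against the fact that one packet
# with a forged source address is enough to put an address in the set.
-A INPUT -m set --match-set ssh22 src -j DROP
COMMIT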