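# SSH brute-force scan protection
#
# Rule 1 records the source address of every NEW connection to the SSH port
# in the `recent` match's address list (no --name is given, so the module's
# default list is used).
# Rule 2 drops a NEW SSH connection whose source address has 10 or more hits
# in that list within the last 60 seconds. --update also refreshes the entry,
# so a client that keeps retrying stays blocked until it backs off.
#
# NOTE(review): both rules are appended (-A), so they only see packets that
# no earlier INPUT rule has already accepted, and they accept nothing
# themselves; a later rule or the chain policy still decides whether SSH is
# allowed at all. Check the position with `iptables -L INPUT -n --line-numbers`.
# NOTE(review): iptables covers IPv4 only; if sshd also listens on IPv6 the
# same limits have to be added with ip6tables.
# NOTE(review): the limit is per source address. It slows one noisy host but
# does not catch attempts spread over many addresses, so keep key-based
# authentication and sshd's own limits in place.
/sbin/iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --set
/sbin/iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

# Port scan protection
#
# Creates a user-defined chain `port-scanning`. Inside it, TCP packets with
# only RST set (out of SYN, ACK, FIN, RST) are returned to the calling chain
# at up to 1 per second (burst 2); everything else that reaches the chain is
# dropped.
#
# NOTE(review): nothing in this listing jumps to `port-scanning`, so as shown
# the chain has no effect. It must be referenced from INPUT to do anything.
# NOTE(review): the final rule drops every packet that is not a rate-limited
# RST, including ordinary SYN and established traffic. The rule that jumps
# here therefore has to match narrowly; an unconditional jump from INPUT
# would cut off all traffic, including the admin's own SSH session.
# `iptables -N` fails if the chain already exists, so re-running this
# listing needs the chain flushed and deleted first.
/sbin/iptables -N port-scanning
/sbin/iptables -A port-scanning -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s --limit-burst 2 -j RETURN
/sbin/iptables -A port-scanning -j DROP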