iptables - limit failed log in attempt by ip

drummondislebsd
Posts: 14
Joined: 2015/02/01 01:40:52

iptables - limit failed log in attempt by ip

Post by drummondislebsd » 2015/03/05 01:46:51

Migrating from BSD to Centos.

In BSD, there is a pf.conf packet filtering command called 'max-src-conn'

And, with it, the firewall/packet filter counts the max failed attempts of an ip to ssh, or other defined proto. And, the author can establish a rule that after X fails in a session, the ip is logged to the (brutes) table, which then blocks the ip thereafter.

I've looked at faq, forums, blogs and tutorials on iptables and cannot find the equivalent command. It seems the common recommendation is snort or fail2ban to accomplish this.

thoughts?

TrevorH
Site Admin
Posts: 33216
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: iptables - limit failed log in attempt by ip

Post by TrevorH » 2015/03/05 09:22:00

You can also set up iptables to do something similar using the -m recent module.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

drummondislebsd
Posts: 14
Joined: 2015/02/01 01:40:52

Re: iptables - limit failed log in attempt by ip

Post by drummondislebsd » 2015/03/13 02:54:03

I found this and it is very similar to the packet filtering method in BSD.

## Permit SSH port and prevent bruteforce by allowing 3 ssh attempts in a minute
#
# Log every new SSH connection attempt.
$IPTABLES -A INPUT -p tcp --dport ${SSH_PORT} -m state --state NEW -j LOG --log-prefix "SSH Log:"
# Record the source address of each new SSH connection in the "DEFAULT" recent list.
$IPTABLES -A INPUT -p tcp --dport ${SSH_PORT} -m state --state NEW -m recent --set --name DEFAULT --rsource
# Drop the 4th (and any later) new connection from the same source within 60 seconds.
# This rule must come before the ACCEPT rule below, otherwise it is never reached.
$IPTABLES -A INPUT -p tcp --dport ${SSH_PORT} -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DEFAULT --rsource -j DROP
# Everything else to the SSH port is accepted.
$IPTABLES -A INPUT -t filter -p tcp --dport ${SSH_PORT} -j ACCEPT
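
Once the -m recent rules above are loaded, the kernel exposes the tracked sources in /proc/net/xt_recent/<name> (DEFAULT here), and the useful check is which addresses would currently trip the --seconds 60 --hitcount 4 test. The script below is an added example, not code from the thread: it parses that proc file format (one line per source, hit timestamps in jiffies) and re-applies the window test; the sample file contents are constructed, and HZ=1000 is an assumed kernel tick rate.

```python
import re
from dataclasses import dataclass

# Constructed sample of /proc/net/xt_recent/DEFAULT in the layout the xt_recent
# module prints: one tracked source per line, each hit timestamp in jiffies.
SAMPLE = """\
src=203.0.113.7 ttl: 57 last_seen: 4295013000 oldest_pkt: 4 4294985000, 4294990000, 4295002000, 4295013000
src=198.51.100.9 ttl: 64 last_seen: 4295060000 oldest_pkt: 1 4295060000
src=192.0.2.44 ttl: 51 last_seen: 4295001000 oldest_pkt: 3 4294999000, 4295000000, 4295001000
"""

LINE_RE = re.compile(r"^src=(\S+) ttl: (\d+) last_seen: (\d+) oldest_pkt: (\d+)(.*)$")


@dataclass
class RecentEntry:
    src: str
    ttl: int
    last_seen: int
    stamps: list  # jiffies of every recorded hit for this source


def parse_xt_recent(text):
    """Parse the proc file text into RecentEntry objects; unknown lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        stamps = [int(s) for s in re.findall(r"\d+", m.group(5))]
        entries.append(RecentEntry(m.group(1), int(m.group(2)), int(m.group(3)), stamps))
    return entries


def would_match(entry, now_jiffies, seconds, hitcount, hz=1000):
    """Same test as -m recent --update/--rcheck with --seconds/--hitcount:
    count hits no older than `seconds` before `now`, match when count >= hitcount.
    hz is the assumed kernel tick rate used to convert seconds to jiffies."""
    window_start = now_jiffies - seconds * hz
    hits = sum(1 for s in entry.stamps if s >= window_start)
    return hits >= hitcount


def blocked_sources(text, now_jiffies, seconds=60, hitcount=4, hz=1000):
    """Sources whose next new connection would hit the DROP rule right now."""
    return sorted(e.src for e in parse_xt_recent(text)
                  if would_match(e, now_jiffies, seconds, hitcount, hz))
```

On a live box, read the real file with `open("/proc/net/xt_recent/DEFAULT").read()` and take the current jiffies from the last_seen of the newest entry if you have nothing better; writing `-<ip>` to the same file removes a source from the list.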
