iptables ssh
How do I use iptables to rate-limit new incoming SSH connections from each IP on Linux? For example, at most 6 SSH connection attempts every 60 seconds.
You may use these rules (skip the first one, if you have set the basic rules):
for tables in iptables ip6tables ; do
    # Allow packets that belong to established or related inbound connections
    $tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Drop a new SSH connection when this source already has 6 recorded
    # attempts in the last 60 seconds (a matching --update also refreshes the entry)
    $tables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 6 --name SSH --rsource -j DROP
    # Otherwise record the source address in the SSH list and allow the connection
    $tables -A INPUT -p tcp --dport 22 -m recent --set --name SSH --rsource -j ACCEPT
    # Reject everything else; add these two only if you want a default-deny policy
    $tables -A INPUT -j REJECT
    $tables -A FORWARD -j REJECT
done
The first rule accepts ESTABLISHED connections. New SSH connections will hit the next 2 rules and be marked.
If you are using firewalld, these 2 rules can be used to limit the rate in the same way as the 2nd and 3rd rules above (not all of them):
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp --dport 22 -m state --state NEW -m recent --set
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 1 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 -j REJECT --reject-with tcp-reset
firewall-cmd --reload
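The following script is an added example, not part of the original answer: it models the sliding window that the recent module keeps for the rules above (`--update --seconds 60 --hitcount 6` and `--set`) so you can see how many attempts a source gets before it is blocked, and when the block lifts. It assumes a single source address, attempt times in whole seconds, and the kernel's rule that `--update` counts only stamps already recorded for the address (the current packet is recorded after a match, or by the later `--set` rule); the per-address cap on stored stamps is not modelled. Under those assumptions the two orderings differ: the iptables rules (`--update`/DROP before `--set`/ACCEPT) let 6 attempts through and drop the 7th, while the firewalld rules (`--set` first, then `--update`/REJECT) let 5 through and reject the 6th.

```shell
#!/bin/sh
# Model of the xt_recent sliding window behind the SSH rate-limit rules.
# Added example, not the original answer's code. Assumptions: one source
# address, attempt times in whole seconds, and --update counting only the
# stamps already recorded (the current packet is added after a match or by
# the following --set rule). The ip_pkt_list_tot cap is not modelled.

WINDOW=60    # --seconds 60
HITCOUNT=6   # --hitcount 6

# count_hits "STAMPS" NOW -> number of recorded stamps no older than WINDOW
count_hits() {
    hits=0
    for s in $1; do
        if [ $(( $2 - $s )) -le "$WINDOW" ]; then
            hits=$(( hits + 1 ))
        fi
    done
    echo "$hits"
}

# simulate ORDER "T1 T2 ..." -> one verdict (ACCEPT or DROP) per attempt
#   drop-first : the iptables rules (--update/DROP before --set/ACCEPT)
#   set-first  : the firewalld rules (--set with no target, then --update/REJECT)
simulate() {
    order=$1
    stamps=""
    verdicts=""
    for now in $2; do
        if [ "$order" = set-first ]; then
            stamps="$stamps $now"        # --set runs first and records the attempt
        fi
        hits=$(count_hits "$stamps" "$now")
        if [ "$hits" -ge "$HITCOUNT" ]; then
            verdict=DROP
            stamps="$stamps $now"        # a matching --update refreshes the entry,
                                         # so every blocked attempt extends the block
        else
            verdict=ACCEPT
            if [ "$order" = drop-first ]; then
                stamps="$stamps $now"    # the --set/ACCEPT rule records it
            fi
        fi
        verdicts="$verdicts $verdict"
    done
    echo "${verdicts# }"
}

# Constructed attempt times in seconds: a burst of eight attempts, then a
# second run where attempts arrive at t=50 (still inside the window) and t=70
burst="0 1 2 3 4 5 6 7"
echo "iptables order : $(simulate drop-first "$burst")"
echo "firewalld order: $(simulate set-first "$burst")"
echo "window clearing: $(simulate drop-first "0 1 2 3 4 5 6 50 70")"
```

Run it with any POSIX shell; the third line shows that the attempt at t=50 is still dropped (the stamps from the burst are within 60 seconds) and that the attempt at t=70 is accepted again once every stamp has aged out. On a live system the same list can be inspected under /proc/net/xt_recent/SSH.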