Koozali.org: home of the SME Server

Auto block ssh port when hammered by certain IP

leto

Auto block ssh port when hammered by certain IP
« Reply #15 on: March 19, 2007, 11:00:28 AM »
Using iptables, you can ban for like 5 minutes an IP that has failed X times.

It goes something like this:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 300 --hitcount 10 -j DROP

That example bans for 300 seconds after 10 unsuccessful tries.

leto

Auto block ssh port when hammered by certain IP
« Reply #16 on: March 19, 2007, 11:01:09 AM »
Of course you'll need to replace 22 and eth0 with the port sshd is listening on and the name of your network iface.

Curly

Auto block ssh port when hammered by certain IP
« Reply #17 on: March 19, 2007, 07:20:43 PM »
I'm not sure, but I think that SME does not contain the necessary module ipt_recent.
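
Added example, not part of any post in this thread: a shell wrapper around the two rules from Reply #15 that takes the port and interface as parameters (Reply #16) and first probes whether the kernel can really load the recent match (the concern in Reply #17). The function names, the `IPTABLES` variable and the list name `sshhammer` are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not code from the thread. IPTABLES, the function names and
# the list name "sshhammer" are assumptions made for this example.
IPTABLES=${IPTABLES:-iptables}

# Succeeds only if a rule using the "recent" match can really be created.
# "iptables -m recent --help" is not enough: it only loads the userspace
# extension and works even when the kernel module is missing.
have_recent() {
    local probe="recent-probe-$$" rc=0
    $IPTABLES -N "$probe" 2>/dev/null || return 1
    $IPTABLES -A "$probe" -m recent --name probe --set 2>/dev/null || rc=1
    $IPTABLES -F "$probe" 2>/dev/null
    $IPTABLES -X "$probe" 2>/dev/null
    return $rc
}

# ssh_ratelimit PORT IFACE SECONDS HITCOUNT
ssh_ratelimit() {
    local port="$1" iface="$2" seconds="$3" hits="$4" n
    for n in "$port" "$seconds" "$hits"; do
        case $n in
            ''|*[!0-9]*) echo "not a number: '$n'" >&2; return 2 ;;
        esac
    done
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    # The module remembers 20 packets per address by default
    # (ip_pkt_list_tot), so a larger hitcount cannot work as intended.
    [ "$hits" -ge 1 ] && [ "$hits" -le 20 ] || { echo "hitcount must be 1-20" >&2; return 2; }
    have_recent || { echo "recent match not available" >&2; return 3; }

    # -I puts each rule at the top of INPUT, so the DROP rule inserted
    # second is evaluated first, and the --set rule below it records the
    # connection attempts that were not dropped.
    $IPTABLES -I INPUT -p tcp --dport "$port" -i "$iface" -m state --state NEW \
        -m recent --name sshhammer --set || return 1
    $IPTABLES -I INPUT -p tcp --dport "$port" -i "$iface" -m state --state NEW \
        -m recent --name sshhammer --update --seconds "$seconds" \
        --hitcount "$hits" -j DROP
}

# Usage with the values from Reply #15 (run as root):
#   ssh_ratelimit 22 eth0 300 10
```

The rules count every NEW connection to the port from an address, whether or not the login succeeded, so an allow rule for trusted management addresses placed above them keeps administrators from being locked out.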