CentOS 5 - preventing brute force attacks with iptables

categories:

Based on http://e18.physik.tu-muenchen.de/~tnagel/ipt_recent/

The following example is much simpler, it blocks hosts trying to connect more than 3 times to the SSH server within 60 seconds. If you need something more complex, check out the howto mentionned above.

This is my /etc/sysconfig/iptables

<code>*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LIMIT_SSH - [0:0]

# accept localhost and related/established traffic
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -i lo -j ACCEPT 

# transfer connections made to tcp/22 to the LIMIT_SSH chain
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j LIMIT_SSH 

# block anything else in the INPUT chain
-A INPUT -j DROP 

# if host has made more than 3 attempts in 60 seconds, drop it
-A LIMIT_SSH -m recent --set --name SSH
-A LIMIT_SSH -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP 
-A LIMIT_SSH -j ACCEPT 

COMMIT</code>

Recent module homepage : http://www.snowman.net/projects/ipt_recent/




Thanks for reading this post!


If you found an issue in this article, you can create an issue on Github.

If you have a comment or question, please drop me a line below!