Re: SSH and iptables
- From: Steven Jones <sjones@xxxxxxxxxx>
- Date: Thu, 09 Mar 2006 10:02:13 GMT
On Thu, 09 Mar 2006 02:19:20 +0000, Robby Workman wrote:
> On 2006-03-08, Steven Jones <sjones@xxxxxxxxxx> wrote:
>> I am looking for iptables rules to do the following:
>> When an SSH connection attempt (at the standard port) from a given IP
>> address fails, no further SSH connections will be accepted from that IP
>> address for 60 seconds.
>> If, on the other hand, the connection attempt succeeds, then that IP
>> address is free to start as many (successful) SSH connections within the
>> next 60 seconds (and beyond, in fact).
>> Is this possible? I am aware of numerous iptables rules that can do
>> something similar. The catch is that they can't tell whether or not a
>> connection attempt was unsuccessful.
> Hmmm... I'm not taking into account the possible cpu overhead related to
> doing this, but you can likely work up something with the recent match:
> iptables -A INPUT -i <interface> -p tcp --dport 22 -m state --state \
> ESTABLISHED -m recent --set --rsource --name SSH_EST -j ACCEPT
> iptables -A INPUT -i <interface> -p tcp --dport 22 -m state --state \
> NEW -m recent --rcheck --rsource --name SSH_EST -j ACCEPT
> Note that this is untested, written from memory, and may not have a chance
> of working, even if load concerns are irrelevant - it does, however, give
> you something on which to chew...
Hmm... Are these rules able to tell between successful and unsuccessful
login attempts?
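An added example, not code from either poster, showing how the recent match can be made to act on login outcome: the packet path only consults a list, and the one component that actually knows whether a login failed, sshd, feeds failures into that list through xt_recent's /proc interface. The interface name, the list name and the /proc path (/proc/net/xt_recent/; older kernels exposed /proc/net/ipt_recent/) are assumptions, as is the classic syslog line format of sshd.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes iptables with the "recent"
# match, the xt_recent /proc interface, and sshd logging "Failed password"
# lines to syslog. Interface and list name are assumed values.
IFACE="${IFACE:-eth0}"
LIST=SSH_FAIL
BAN_SECONDS=60

# Netfilter side: a NEW SSH connection from an address that was placed in
# SSH_FAIL within the last 60 seconds is dropped; everything else reaches
# sshd. The --rcheck rule only reads the list, nothing in the packet path
# writes to it, so a successful login never penalises its source address.
install_rules() {
    iptables -A INPUT -i "$IFACE" -p tcp --dport 22 -m state --state NEW \
        -m recent --rcheck --seconds "$BAN_SECONDS" --rsource --name "$LIST" \
        -j DROP
    iptables -A INPUT -i "$IFACE" -p tcp --dport 22 -m state --state NEW \
        -j ACCEPT
}

# Userspace side: only sshd knows the outcome, so its log line decides
# membership. Prints the source address of a failed-login line, nothing
# for any other line (so "Accepted publickey" lines are ignored).
failed_login_ip() {
    printf '%s\n' "$1" | sed -n \
        's/^.*sshd\[[0-9]*\]: Failed password for .* from \([0-9.]*\) port [0-9]* ssh2.*$/\1/p'
}

# Writing "+addr" to the list's /proc file timestamps that address as "now";
# the --seconds check in the DROP rule then lets the entry expire on its own.
ban_ip() {
    printf '+%s\n' "$1" > "/proc/net/xt_recent/$LIST"
}

# Follow the auth log and feed every failure into the list.
watch_auth_log() {
    tail -Fn0 "${1:-/var/log/auth.log}" | while IFS= read -r line; do
        ip=$(failed_login_ip "$line")
        [ -n "$ip" ] && ban_ip "$ip"
    done
}
```

Run install_rules once at boot and watch_auth_log as a long-lived service; a 60-second ban on the first failure is what the question asked for, and raising the threshold is a matter of counting failures per address in the watcher before calling ban_ip.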