Channel: BigSmoke » iptables

Iptables: limiting amount of connections per IP


Short version of this.

To allow SSH TCP connections, but only 10 new ones per 60 seconds (the two -I lines are inserted at the top of the chain, so the final order is: the --set rule, then the --update/DROP check, then ACCEPT):

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set

To inspect the current list (the path is given in the man page):

cat /proc/net/xt_recent/DEFAULT
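To read that table from a script (an added example, not from the original post), here is a shell function that counts the recorded stamps per source and flags any source that has reached the hitcount; the sample table is constructed, and the field layout follows what xt_recent prints:

```shell
#!/bin/bash
# Summarise an xt_recent table: for each tracked source, how many packet
# stamps are recorded and whether that count has reached the threshold.
# Input, one line per source, as the module prints it:
#   src=1.2.3.4 ttl: 64 last_seen: 4295029437 oldest_pkt: 3 4295029423, 4295029430, 4295029437
# The trailing list holds one kernel-jiffies stamp per recorded packet.
# Caveat: this counts every stored stamp (up to ip_pkt_list_tot, default 20),
# not only those inside the --seconds window, so treat it as an upper bound.

# recent_hits THRESHOLD < table
# Prints "<src> <stamps> <status>" per line, most stamps first.
recent_hits() {
    local threshold="${1:-10}"
    awk -v limit="$threshold" '
        /^src=/ {
            src = substr($1, 5)        # strip the "src=" prefix
            n = NF - 7                 # stamps follow the 7 fixed fields
            status = (n >= limit) ? "AT-LIMIT" : "ok"
            printf "%s %d %s\n", src, n, status
        }' | sort -k2,2nr
}

# Constructed sample table (not real traffic) for a stand-alone run.
sample_table() {
    cat <<'EOF'
src=203.0.113.7 ttl: 64 last_seen: 4295029437 oldest_pkt: 3 4295029423, 4295029430, 4295029437
src=198.51.100.9 ttl: 57 last_seen: 4295029500 oldest_pkt: 10 4295029400, 4295029410, 4295029420, 4295029430, 4295029440, 4295029450, 4295029460, 4295029470, 4295029480, 4295029500
EOF
}

# Usage against the live table: recent_hits 10 < /proc/net/xt_recent/DEFAULT
# Stand-alone demo: sample_table | recent_hits 10
```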

Test with:

#!/bin/bash
# Open a TCP connection to the rate-limited port repeatedly; once the
# hitcount is reached within the window, the remaining attempts are dropped.
ip="1.2.3.4"
port="22"
for i in {1..100}
do
  echo "attempt $i"
  # do nothing, just connect and exit; -w bounds the wait so a dropped
  # connection attempt does not hang the loop
  echo "exit" | nc -w 2 "${ip}" "${port}"
done
