http://www.sulinux.net/bbs/board.php?bo_table=success&wr_id=42&sca=
http://la-samhna.de/library/brutessh.html
For whitelisting, a possible variation (also described by Andrew Pollock) would be:
(1) Create a custom chain for whitelisting first:
iptables -N SSH_WHITELIST
(2) Whitelist any host(s) that you like:
iptables -A SSH_WHITELIST -s TRUSTED_HOST_IP -m recent --remove --name SSH -j ACCEPT
(3) Add the blocking rules:
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_WHITELIST
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j ULOG --ulog-prefix SSH_brute_force
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP
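To see why the rules have to be in exactly this order, and what "--seconds 60 --hitcount 4" actually does to a connecting host, here is an added example (not from the original post or from Andrew Pollock's article) that models the four INPUT rules above in Python: the --set rule records a timestamp, the SSH_WHITELIST chain removes trusted hosts from the recent list, and the two --update rules fire once enough timestamps fall inside the window. All addresses are constructed from the RFC 5737 documentation ranges; the --rttl option (an extra TTL-equality condition) is not modelled.

```python
"""Model of the xt_recent based SSH rate limit: --set, whitelist --remove,
--update --seconds 60 --hitcount 4 -> ULOG, then the same match -> DROP.
Added example; addresses are constructed, --rttl is not modelled."""
from dataclasses import dataclass, field
from typing import Dict, List

SECONDS = 60        # --seconds 60
HITCOUNT = 4        # --hitcount 4
PKT_LIST_TOT = 20   # xt_recent default ip_pkt_list_tot: timestamps kept per address


@dataclass
class RecentEntry:
    """One row of /proc/net/xt_recent/SSH: the most recent timestamps for a source."""
    stamps: List[float] = field(default_factory=list)

    def add(self, now: float) -> None:
        self.stamps.append(now)
        del self.stamps[:-PKT_LIST_TOT]      # keep only the newest PKT_LIST_TOT stamps

    def hits(self, now: float, seconds: float) -> int:
        return sum(1 for s in self.stamps if now - s <= seconds)


class SshRecentChain:
    def __init__(self, whitelist, seconds=SECONDS, hitcount=HITCOUNT):
        self.whitelist = set(whitelist)
        self.seconds = seconds
        self.hitcount = hitcount
        self.recent: Dict[str, RecentEntry] = {}   # the "SSH" recent list
        self.ulog: List[str] = []                  # lines the ULOG rule would emit

    def new_connection(self, src: str, now: float) -> str:
        """Walk one NEW tcp/22 packet through the four INPUT rules in order."""
        # (a) -m recent --set --name SSH: record a timestamp; no target, so fall through
        entry = self.recent.setdefault(src, RecentEntry())
        entry.add(now)
        # (b) -j SSH_WHITELIST: a trusted host is --remove'd from the list and ACCEPTed,
        #     so it can never accumulate hits, whatever it does
        if src in self.whitelist:
            del self.recent[src]
            return "ACCEPT"
        # (c) --update --seconds 60 --hitcount 4 -j ULOG: matches when at least hitcount
        #     stamps fall inside the window; a matching --update adds another stamp
        if entry.hits(now, self.seconds) >= self.hitcount:
            entry.add(now)
            self.ulog.append(f"SSH_brute_force SRC={src} t={now}")
            # (d) the same match again, this time -j DROP
            if entry.hits(now, self.seconds) >= self.hitcount:
                entry.add(now)
                return "DROP"
        return "CONTINUE"   # not blocked; later INPUT rules decide whether tcp/22 is accepted


def attacker_timeline():
    """Five attempts 5 s apart, then one more 70 s after the last one: the 4th attempt
    is dropped, and the window has expired 60 s after the last recorded hit."""
    chain = SshRecentChain(whitelist={"192.0.2.10"})
    src = "198.51.100.7"                              # constructed attacker address
    verdicts = [chain.new_connection(src, t) for t in (0, 5, 10, 15, 20)]
    verdicts.append(chain.new_connection(src, 90))
    return verdicts, len(chain.ulog)


def trusted_timeline():
    """A whitelisted host opening ten connections in ten seconds is never counted."""
    chain = SshRecentChain(whitelist={"192.0.2.10"})
    verdicts = [chain.new_connection("192.0.2.10", t) for t in range(10)]
    return verdicts, "192.0.2.10" in chain.recent


if __name__ == "__main__":
    print(attacker_timeline())   # (['CONTINUE', 'CONTINUE', 'CONTINUE', 'DROP', 'DROP', 'CONTINUE'], 2)
    print(trusted_timeline())    # (['ACCEPT', ..., 'ACCEPT'], False)
```

Two things the model makes visible: the whitelist jump must sit after the --set rule but before the --update rules, otherwise a trusted host is either never removed from the list or has already been dropped; and because every dropped attempt adds a fresh timestamp, a host that keeps retrying stays blocked until it has been quiet for a full 60 seconds. On kernels newer than the one this post was written for, the ULOG target has been removed in favour of NFLOG, so that rule needs "-j NFLOG --nflog-prefix SSH_brute_force" instead.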