
Iptables: limiting amount of connections per IP

Short and improved version of this.

To allow SSH TCP connections, but drop a source once it has made more than 20 NEW connections within 20 s. Note the rule order: the two -I rules are inserted ahead of the appended ACCEPT, so the final chain reads: record the NEW attempt, drop if the hit count within the window is reached, otherwise accept:

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -I INPUT -p tcp --dport 22 -m recent --rcheck --seconds 20 --hitcount 20 --name sshbadguys --rsource -j DROP
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name sshbadguys --rsource

To check current list (from the man page):

cat /proc/net/xt_recent/sshbadguys
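
The proc file is readable as-is, but it only lists raw jiffies timestamps, so it does not directly tell you whether a source is currently over the threshold. The script below is an added example, not part of the original post: it parses the table in the format the kernel's xt_recent module prints (src=, ttl:, last_seen:, oldest_pkt:, then a comma-separated list of timestamps), counts a source's hits inside the --seconds window the way --rcheck does, and shows the documented way to remove an entry (writing "-addr" to the proc file). It falls back to a constructed sample table when the live file is unreadable, and the kernel HZ value used to convert seconds to jiffies is an assumption (RECENT_HZ, default 100).

```sh
#!/bin/sh
# Added example, not from the original post: inspect the xt_recent table the
# rules above fill, count hits inside the --seconds window, remove an entry.
# Timestamps in the table are kernel jiffies, so converting the window to
# jiffies needs the kernel HZ value (assumed 100; see /boot/config-$(uname -r)).

RECENT_TABLE="/proc/net/xt_recent/sshbadguys"
RECENT_HZ="${RECENT_HZ:-100}"   # assumption: CONFIG_HZ=100

# Constructed sample of the table (RFC 5737 addresses, jiffies made up):
# src=<ip> ttl: <ttl> last_seen: <jiffies> oldest_pkt: <index> <stamp>, <stamp>, ...
SAMPLE_TABLE='src=203.0.113.7 ttl: 64 last_seen: 4295102500 oldest_pkt: 1 4295102100, 4295102500
src=198.51.100.9 ttl: 64 last_seen: 4295103000 oldest_pkt: 1 4295100500, 4295102000, 4295103000'

# read_table: print the live table, or the constructed sample when the file is
# unreadable (no root, module not loaded), so the script runs anywhere.
read_table() {
    if [ -r "$RECENT_TABLE" ]; then
        cat "$RECENT_TABLE"
    else
        printf '%s\n' "$SAMPLE_TABLE"
    fi
}

# total_hits SRC: every timestamp recorded for SRC. The module keeps at most
# ip_pkt_list_tot stamps per source (module parameter, default 20), so a
# --hitcount above that value can never match.
total_hits() {
    read_table | awk -v want="src=$1" '$1 == want { print NF - 7; exit }'
}

# hits_in_window SRC SECONDS: stamps not older than SECONDS before last_seen,
# i.e. the count that --rcheck --seconds SECONDS --hitcount N is compared to.
hits_in_window() {
    read_table | awk -v want="src=$1" -v win="$2" -v hz="$RECENT_HZ" '
        $1 == want {
            cutoff = $5 - win * hz       # $5 is last_seen (jiffies)
            n = 0
            for (i = 8; i <= NF; i++) {  # stamps start at field 8
                s = $i; sub(",", "", s)  # strip the separating comma
                if (s + 0 >= cutoff) n++
            }
            print n; exit
        }'
}

# would_drop SRC SECONDS HITCOUNT: succeeds (exit 0) when the DROP rule above
# would match the next packet from SRC given the current table.
would_drop() {
    n=$(hits_in_window "$1" "$2")
    [ "${n:-0}" -ge "$3" ]
}

# forget_source SRC: remove SRC from the list (writing "-addr" to the proc file
# is the documented xt_recent interface; needs root).
forget_source() {
    printf -- '-%s\n' "$1" > "$RECENT_TABLE"
}

# Report each source with its total and in-window hits for the 20 s window.
read_table | awk '{ sub("src=", "", $1); print $1 }' | while read -r src; do
    printf '%-16s total=%s in_window(20s)=%s\n' \
        "$src" "$(total_hits "$src")" "$(hits_in_window "$src" 20)"
done
```

Run it as root to read the live table; without root it reports on the constructed sample, where 198.51.100.9 has three stamps but only two inside a 20 s window, so it would not yet be dropped at --hitcount 3. To let a legitimate source back in without flushing everything, call forget_source with its address.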

Test with:

#!/bin/bash
# Opens 100 TCP connections to the SSH port in a row. Each one is a NEW
# connection and is counted by the recent list, so once the threshold is
# reached the remaining attempts should stall instead of connecting.
ip="1.2.3.4"
port="22"
for i in {1..100}
do
  echo "attempt $i"
  # do nothing, just connect and exit
  echo "exit" | nc ${ip} ${port};
done
