Difference between revisions of "Iptables"
From DarkWiki
(Created page with "==Block SSH brute force attacks== With logging: <source lang="bash"> iptables -N LOGDROP iptables -A LOGDROP -j LOG iptables -A LOGDROP -j DROP iptables -I INPUT -p tcp --dp...") |
(→Block entire subnets) |
||
| Line 22: | Line 22: | ||
<source lang="bash"> | <source lang="bash"> | ||
iptables -A INPUT -s 58.218.0.0/16 -j DROP | iptables -A INPUT -s 58.218.0.0/16 -j DROP | ||
| + | </source> | ||
| + | |||
| + | ==Block specific IP address== | ||
| + | |||
| + | <source lang="bash"> | ||
| + | iptables -A INPUT -s 12.23.34.45 -j DROP | ||
</source> | </source> | ||
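Review bot: the added rule `iptables -A INPUT -s 12.23.34.45 -j DROP` uses `-A`, which appends to the end of the INPUT chain, so it does nothing for traffic that an earlier rule already accepts. Either use `-I INPUT`, as the SSH rules on this page do, or add a sentence to the new section saying the rule must sit above any ACCEPT rules. The section would also benefit from the matching removal command, `iptables -D INPUT -s 12.23.34.45 -j DROP`, so a block can be lifted without flushing the chain.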
Latest revision as of 07:35, 24 January 2017
==Block SSH brute force attacks==

With logging:

<source lang="bash">
iptables -N LOGDROP
iptables -A LOGDROP -j LOG
iptables -A LOGDROP -j DROP
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j LOGDROP
</source>

Without logging:

<source lang="bash">
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP
</source>
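The effect of the SSH rule pair above (with or without logging) on a single source address, as an added example that is not part of the original wiki page: a simplified shell model of the `recent` match semantics documented in iptables-extensions(8). The function name `simulate_recent`, the PASS/DROP labels and the sample timestamps are constructed for illustration.

```shell
#!/bin/sh
# Simplified model (an assumption of this example, not kernel code) of the two
# INPUT rules for ONE source address. Both rules are added with -I, so the
# --update rule ends up first in the chain and the --set rule second:
#   1. --update --seconds 60 --hitcount 5 : matches when at least 5 recorded
#      timestamps lie within the last 60 s; on match it records the packet
#      and jumps to DROP (or LOGDROP).
#   2. --set : always records the packet and lets it continue down the chain.

WINDOW=60     # --seconds 60
HITCOUNT=5    # --hitcount 5

# simulate_recent T1 T2 ... : arrival times in seconds (ascending) of NEW
# connections to port 22 from one address.
# Prints "<time> PASS" or "<time> DROP" for each connection. PASS only means
# "not dropped by these two rules"; later rules or the chain policy still apply.
simulate_recent() {
    stamps=""
    for now in "$@"; do
        hits=0
        for s in $stamps; do
            if [ "$s" -ge $((now - WINDOW)) ]; then
                hits=$((hits + 1))
            fi
        done
        if [ "$hits" -ge "$HITCOUNT" ]; then
            verdict=DROP    # rule 1 (--update) matched
        else
            verdict=PASS    # fell through to rule 2 (--set)
        fi
        stamps="$stamps $now"   # both paths record the timestamp
        echo "$now $verdict"
    done
}

# Constructed sample: one attempt every 10 s, then a retry after a quiet period.
simulate_recent 0 10 20 30 40 50 60 70 200
```

In this model the sixth attempt inside a minute is the first one dropped, because the `--update` rule is evaluated before `--set` has recorded the current packet. Dropped attempts still refresh the list, so a client that keeps retrying stays blocked until it has been quiet long enough for fewer than five timestamps to remain in the window.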
==Block entire subnets==

<source lang="bash">
iptables -A INPUT -s 58.218.0.0/16 -j DROP
</source>

==Block specific IP address==

<source lang="bash">
iptables -A INPUT -s 12.23.34.45 -j DROP
</source>