Just to mention it...
Since my machine is shared and also serves a public IP, I also do some rate
limiting on the most "hacked" TCP ports:
PORT_RATE_LIMIT="ssh smtp smtps pop3 pop3s"
# rate limiting against brute force & DDOS
#
echo -n "Adding IPv4 input connection rate limiting: "
for port in $PORT_RATE_LIMIT ; do
    iptables -A INPUT -p tcp --dport $port -m state --state NEW \
        -m recent --set
    iptables -A INPUT -p tcp --dport $port -m recent --update \
        --seconds 60 --hitcount 8 -j DROP
    echo -n "$port "
done
echo ""
Marius, YO2LOJ
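
Added example, not part of the original message: a simplified Python model of how the two "recent" rules above treat new connections, useful for checking what the 60 s / 8 hit threshold lets through before loading it. The addresses and traffic patterns are constructed, and the function name verdicts is hypothetical.

```python
from collections import defaultdict

SECONDS, HITCOUNT = 60, 8              # --seconds 60 --hitcount 8, as in the post
LIMITED = {22, 25, 465, 110, 995}      # ssh smtp smtps pop3 pop3s

def verdicts(events):
    """events: (time_s, src_ip, dport) of NEW TCP connections, in time order.
    Returns 'DROP' or 'PASS' (packet falls through to later rules) per event."""
    recent = defaultdict(list)         # the rules give no --name: one list for all ports
    out = []
    for now, src, dport in events:
        if dport not in LIMITED:
            out.append("PASS")
            continue
        stamps = recent[src]
        stamps.append(now)             # rule 1: --state NEW -m recent --set
        hits = sum(1 for t in stamps if now - t <= SECONDS)
        if hits >= HITCOUNT:           # rule 2: --update --seconds 60 --hitcount 8
            stamps.append(now)         # --update re-stamps the source when it matches
            out.append("DROP")
        else:
            out.append("PASS")
    return out

# Constructed sample traffic (documentation addresses, not from the post).
burst = [(t, "192.0.2.10", 22) for t in range(0, 50, 5)]             # 10 SYNs in 45 s
slow = [(t, "192.0.2.20", 22) for t in range(0, 100, 10)]            # 1 SYN per 10 s
mixed = [(t, "192.0.2.30", 22 if t % 2 else 25) for t in range(8)]   # 4 ssh + 4 smtp
later = burst + [(200, "192.0.2.10", 22)]                            # quiet, then back

if __name__ == "__main__":
    for name, ev in [("burst", burst), ("slow", slow),
                     ("mixed", mixed), ("later", later)]:
        print(name, verdicts(ev))
```

In this model the 8th new connection inside 60 seconds is the first one dropped, and connections to different listed ports count together because both rules use the same unnamed list. Giving each port's pair of rules its own --name keeps the counters separate.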