After I researched some of the options in the past (all of which
required installation of more software), I decided on iptables
entries that 'flag' and DROP the IP for 5 minutes after 5 connection
attempts:
iptables -I FORWARD -p tcp --dport 22 -i eth0.2 -m state --state NEW -m recent --name ssh --update --seconds 300 --hitcount 5 -j DROP
iptables -I FORWARD -p tcp --dport 22 -i eth0.2 -m state --state NEW -m recent --name ssh --set
This also covers scanning of the port if it takes more than 5 tries to
determine it's SSH. Configuring SSH or your port forward to connect to
the SSH on a non-standard port reduced my scan attempts to 0%. Be
careful that you type your password correctly from now on... you only get
5 attempts... lol.
- Lynwood
KB3VWG
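The following is an added illustration, not part of Lynwood's post or of iptables itself: a small Python model of how the `recent` match evaluates the two rules above. Because both commands use `-I` (insert at the head of the chain), the `--set` rule ends up first, so every NEW connection is timestamped before the `--update --seconds 300 --hitcount 5` rule counts timestamps in the trailing 300-second window and drops when there are at least 5. Two details matter for a defender: the rule counts new TCP connections (`--state NEW`), not password guesses made inside one SSH session, and `--update` refreshes the entry on each match, so a host that keeps hammering stays blocked while one that stops is released once the window empties. The addresses and timings are constructed sample input; the 20-stamp cap is the xt_recent default `ip_pkt_list_tot`, assumed here.

```python
"""Model of the 'recent' match behind the two iptables rules (constructed example).

Chain order after both -I commands:
  1. -m state --state NEW -m recent --name ssh --set
  2. -m state --state NEW -m recent --name ssh --update --seconds 300 --hitcount 5 -j DROP
"""
from collections import defaultdict, deque

LIST_CAP = 20  # stamps kept per address; assumed default of xt_recent's ip_pkt_list_tot


class RecentList:
    """One named xt_recent list: a per-source-address list of timestamps."""

    def __init__(self, seconds=300, hitcount=5, cap=LIST_CAP):
        self.seconds = seconds
        self.hitcount = hitcount
        self.stamps = defaultdict(lambda: deque(maxlen=cap))

    def set(self, src, now):
        """--set: record the address, or add a fresh timestamp to an existing entry."""
        self.stamps[src].append(now)

    def update_matches(self, src, now):
        """--update --seconds S --hitcount N: match when at least N timestamps fall
        inside the last S seconds; a match also refreshes the entry (adds a stamp)."""
        stamps = self.stamps.get(src)
        if not stamps:
            return False
        hits = sum(1 for t in stamps if t + self.seconds >= now)
        if hits >= self.hitcount:
            stamps.append(now)
            return True
        return False


def verdicts(events, seconds=300, hitcount=5):
    """Run chronological (time, src) NEW-connection events through the two-rule
    chain and return one 'ACCEPT' or 'DROP' verdict per event."""
    lst = RecentList(seconds, hitcount)
    out = []
    for now, src in events:
        lst.set(src, now)                    # rule 1: --set has no target, packet continues
        if lst.update_matches(src, now):     # rule 2: --update ... -j DROP
            out.append("DROP")
        else:
            out.append("ACCEPT")
    return out


# Constructed scenarios (TEST-NET addresses, seconds since an arbitrary start).
A, B = "203.0.113.10", "198.51.100.7"

# A bursts six times in 50 s while B connects once; A is released after the window.
BURST_THEN_WAIT = [(0, A), (10, A), (20, A), (25, B), (30, A), (40, A), (50, A), (349, A)]

# A keeps retrying: each blocked attempt refreshes the entry and extends the block.
KEEPS_HAMMERING = [(0, A), (10, A), (20, A), (30, A), (40, A), (290, A), (330, A)]

# A stops after being dropped; the same 330 s attempt is now accepted.
BACKS_OFF = [(0, A), (10, A), (20, A), (30, A), (40, A), (330, A)]


if __name__ == "__main__":
    for name, ev in [("burst_then_wait", BURST_THEN_WAIT),
                     ("keeps_hammering", KEEPS_HAMMERING),
                     ("backs_off", BACKS_OFF)]:
        print(name, list(zip([t for t, _ in ev], verdicts(ev))))
```

Running the three scenarios shows the fifth new connection inside the window being dropped, B's single connection untouched, and the difference between a source that keeps retrying (still dropped at 330 s) and one that backs off (accepted at 330 s).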