Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
Rate limit SSH with iptables
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

Rate limit SSH with iptables

DeorDeor Member
edited August 2011 in General

So i noticed that i get a lot of attacks against SSH on my various VPS's, hundreds of invalid user attempts being logged. I use public/private key rather than password authentication so im not too worried about the security side of things, but id like to block the IP's of these idiots anyway.

Ive found reference to doing this with iptables and ive tried a few variations of these commands.

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent  --update --seconds 60 --hitcount 4 -j DROP

I change eth0 to venet0, but it doesnt like it and i get an error saying "iptables: No chain/target/match by that name."
Im still getting the hang of linux and as such im using Firehol to configure my iptables, but i should still be able to poke at it directly shouldnt i? Where am i going wrong?

Comments

  • Most likely the "recent" or "state" module wasn't built for iptable. Ask your providers to have them installed.

    Thanked by 2Deor Asim

    Blog at LowEndBox.com.

  • DeorDeor Member
    edited August 2011

    Thanks, will look into it!

    This is something the provider would have to do rather than something i do when installing iptables then?

  • DeorDeor Member

    Ok so cat /proc/net/ip_tables_matches shows a bunch of stuff including 'state' so i guess i need 'recent' and im good to go. Hopefully Mr Todd is feeling charitable ;)

  • Yes, the module needs to be enabled on the host node by the provider.

    Thanked by 2Deor Asim

    Signatures are to identify who I am. I'm me. Who the hell are you?

Sign In or Register to comment.