Rate limit SSH with iptables

DeorDeor Member
edited August 2011 in General

So I noticed that I get a lot of attacks against SSH on my various VPSs, hundreds of invalid user attempts being logged. I use public/private key rather than password authentication so I'm not too worried about the security side of things, but I'd like to block the IPs of these idiots anyway.

I've found reference to doing this with iptables and I've tried a few variations of these commands.

# Record the source IP of every new SSH connection in the "recent" list.
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
# Drop a new attempt once the same source has made 4 of them in the last 60 seconds.
# (Both rules use -I, so after running them in this order the DROP rule sits above the --set rule.)
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

I change eth0 to venet0, but it doesn't like it and I get an error saying "iptables: No chain/target/match by that name."
I'm still getting the hang of Linux and as such I'm using Firehol to configure my iptables, but I should still be able to poke at it directly, shouldn't I? Where am I going wrong?

Comments

  • Most likely the "recent" or "state" module wasn't built for iptables. Ask your provider to have them installed.

    Thanked by 2: Deor, Asim
  • DeorDeor Member
    edited August 2011

    Thanks, will look into it!

    This is something the provider would have to do rather than something I do when installing iptables, then?

  • DeorDeor Member

    OK, so cat /proc/net/ip_tables_matches shows a bunch of stuff including 'state', so I guess I need 'recent' and I'm good to go. Hopefully Mr Todd is feeling charitable ;)

  • Yes, the module needs to be enabled on the host node by the provider.

    Thanked by 2: Deor, Asim
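The two pieces of this thread, checking /proc/net/ip_tables_matches for the matches a rule needs and then loading the rate-limit rules for the right interface, put together as an added example. This is not code from the original post or its replies; the function names, the SSH list name and the apply/show arguments are my own choices. It assumes the kernel exposes "state" and "recent" in /proc/net/ip_tables_matches once the provider has enabled them (inside an OpenVZ container you cannot load kernel modules yourself, which is why the error in the thread has to be fixed on the host node). The rules use -A in the order set-then-update, which is the same evaluation order the original -I pair produces, and a named list (--name SSH) so other "recent" rules on the box do not share its counters.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Usage (as root):  sh ssh-ratelimit.sh apply venet0     # install the rules
#                   sh ssh-ratelimit.sh show eth0        # just print the rules

# Where the kernel lists the iptables matches it supports. Overridable so the
# check can be exercised against a constructed file without root.
MATCHES_FILE="${MATCHES_FILE:-/proc/net/ip_tables_matches}"

# check_matches FILE MATCH...: verify every MATCH appears as a whole line in FILE.
# Prints the missing ones and returns 1 if any are absent, 0 otherwise. This is
# what a missing xt_recent looks like before iptables reports
# "No chain/target/match by that name".
check_matches() {
    file="$1"; shift
    missing=""
    for m in "$@"; do
        if ! grep -qx "$m" "$file" 2>/dev/null; then
            missing="$missing $m"
        fi
    done
    if [ -n "$missing" ]; then
        echo "missing iptables matches:$missing"
        return 1
    fi
    return 0
}

# build_rules IFACE [SECONDS] [HITS]: emit the two rules for interface IFACE.
# Rule 1 records each new SSH connection's source in the "SSH" recent list.
# Rule 2 drops a new connection when that source already has HITS entries
# inside the last SECONDS seconds (defaults: 4 attempts per 60 s).
build_rules() {
    iface="$1"; window="${2:-60}"; hits="${3:-4}"
    cat <<EOF
iptables -A INPUT -p tcp --dport 22 -i $iface -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -i $iface -m state --state NEW -m recent --update --seconds $window --hitcount $hits --name SSH -j DROP
EOF
}

# apply_rules IFACE: refuse to touch the firewall unless both matches are
# available, then feed the generated rules to a shell that stops on first error.
apply_rules() {
    iface="$1"
    check_matches "$MATCHES_FILE" state recent || return 1
    build_rules "$iface" | sh -e
}

case "${1:-}" in
    apply) apply_rules "${2:-eth0}" ;;
    show)  build_rules "${2:-eth0}" ;;
esac
```

Two caveats worth knowing before relying on this: --update refreshes the entry on every matching packet, so a source that keeps hammering stays blocked for as long as it keeps trying, and the rules apply to your own logins too, so put an ACCEPT for your admin address above them if you make more than four connections a minute.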