On 01/09/2013 08:07 AM, James wrote:
Is there a simple way in BlueOnyx to auto-block hosts that fail to
login via SSH too many times? Something similar to the Failed Logins
settings for the BlueOnyx login page but for SSH?
I use catches attacks in real times, below uses 8 attempts in 60
seconds, of course you can change those parameters
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW
-m recent --set --name SSH
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW
-m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
--
Gerald
_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx