Not AMD64 specific, but I use the following iptables script:

#!/bin/sh
# Start fresh: flush every rule, then delete the user-defined chains so
# the -N lines below do not fail when the script is run a second time.
iptables -F
iptables -X

# Deal with SSH connections.
iptables -N sshchain
iptables -N sshscan

# Do the block: record every NEW connection attempt per source address,
# then send any source with 10 or more attempts in the last 60 seconds
# to sshscan.
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j sshchain
iptables -A sshchain -m conntrack --ctstate NEW -m recent --name sshattempts --set
iptables -A sshchain -m recent --rcheck --seconds 60 --hitcount 10 --name sshattempts --rsource -j sshscan

# Log when it happens (the list name must match; without --name the
# rcheck consults the DEFAULT list, which is never set), then drop.
iptables -A sshscan -m recent --rcheck --hitcount 3 --seconds 600 --name sshattempts -j LOG --log-prefix "SSH too many: "
iptables -A sshscan -j DROP
##################

It blocks all IPs that make more than 10 SSH connect attempts per
minute.  This is more than generous because my most forgetful
legitimate user only manages two or three failures total per login
attempt.  But, it is enough to dramatically reduce the amount of
nefarious failures.

-Brett.
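As an added illustration, not part of Brett's post, here is a small Python model of the `recent` module's sliding window that the rules above rely on: `--set` records a timestamp per source, and `--rcheck --seconds 60 --hitcount 10` matches once at least 10 recorded attempts fall inside the last 60 seconds. The timestamps and addresses are constructed, and the kernel's per-address entry cap (ip_pkt_list_tot) is ignored.

```python
from collections import defaultdict, deque

SECONDS = 60    # --seconds in the posted sshchain rule
HITCOUNT = 10   # --hitcount in the posted sshchain rule


class RecentList:
    """Minimal model of one xt_recent list (e.g. --name sshattempts).
    The real module caps entries per address; this model does not."""

    def __init__(self):
        self.hits = defaultdict(deque)

    def set(self, src, now):
        # --set: remember one more hit for this source at time `now`
        self.hits[src].append(now)

    def rcheck(self, src, now, seconds, hitcount):
        # --rcheck --seconds --hitcount: match when at least `hitcount`
        # recorded hits lie within the trailing `seconds` window
        recent = [t for t in self.hits.get(src, ()) if now - t <= seconds]
        return len(recent) >= hitcount


def filter_ssh(events, seconds=SECONDS, hitcount=HITCOUNT):
    """Run (time_s, src) NEW-connection events through the sshchain logic.
    Returns (time_s, src, verdict) with verdict ACCEPT or DROP."""
    attempts = RecentList()
    verdicts = []
    for now, src in events:
        attempts.set(src, now)                        # first sshchain rule
        if attempts.rcheck(src, now, seconds, hitcount):
            verdicts.append((now, src, "DROP"))       # -> sshscan -> DROP
        else:
            verdicts.append((now, src, "ACCEPT"))
    return verdicts


def sample_events():
    """Constructed attempts; addresses are documentation ranges, not hosts."""
    legit = [(t, "198.51.100.7") for t in (0, 5, 12)]        # 3 failed logins
    scanner = [(t, "203.0.113.9") for t in range(0, 20, 2)]  # 10 hits in 18 s
    scanner.append((85, "203.0.113.9"))                      # retry after going quiet
    return sorted(legit + scanner)


if __name__ == "__main__":
    for t, src, verdict in filter_ssh(sample_events()):
        print(f"t={t:3d}s {src:14s} {verdict}")
```

The run shows the block engaging on the scanner's tenth attempt and lapsing once 60 seconds have passed without new attempts, which is why a probe that keeps hammering stays blocked while a slow retry gets through.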

