The following iptable entries will prevent and block repeat failed connections, but not permanently. This allows two new connections every 60 seconds. This is an effective way of blocking automated attacks you will see mostly from Chinese ISP’s.
iptables -A INPUT -p tcp -m tcp -m state -m recent ! -s 10.0.0.0/24 -i eth0 –dport 22 [...]
From terminal, execute the following;
sudo modprobe ip_nat_ftp ports=21
sudo modprobe ip_conntrack_ftp
sudo iptables -A FORWARD -m state –state ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -p tcp -m tcp -m state –dport 21 –state NEW -j ACCEPT
sudo iptables -A FORWARD -p tcp -m tcp -m state –sport 20 –state RELATED -j ACCEPT
sudo iptables -A FORWARD -p tcp -m [...]
