k3mistâ„¢ » iptables http://k3mist.com Development, Design & System Administration Sat, 12 Sep 2009 15:40:34 +0000 http://wordpress.org/?v=2.8.4 en hourly 1 Howto prevent and block repeat failed connections to ssh with iptables http://k3mist.com/linux/howto-prevent-and-block-repeat-failed-connections-to-ssh-with-iptables/ http://k3mist.com/linux/howto-prevent-and-block-repeat-failed-connections-to-ssh-with-iptables/#comments Sat, 08 Aug 2009 13:07:06 +0000 k3mist http://k3mist.com/?p=152 The following iptable entries will prevent and block repeat failed connections, but not permanently. This allows two new connections every 60 seconds. This is an effective way of blocking automated attacks you will see mostly from Chinese ISP’s.


iptables -A INPUT -p tcp -m tcp -m state -m recent ! -s 10.0.0.0/24 -i eth0 --dport 22 --state NEW --set --name DEFAULT --rsource
iptables -A INPUT -p tcp -m tcp -m state -m recent ! -s 10.0.0.0/24 -i eth0 --dport 22 --state NEW -j DROP --update --seconds 60 --hitcount 2 --name DEFAULT --rsource
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

]]> The following iptable entries will prevent and block repeat failed connections, but not permanently. This allows two new connections every 60 seconds. This is an effective way of blocking automated attacks you will see mostly from Chinese ISP’s.


iptables -A INPUT -p tcp -m tcp -m state -m recent ! -s 10.0.0.0/24 -i eth0 --dport 22 --state NEW --set --name DEFAULT --rsource
iptables -A INPUT -p tcp -m tcp -m state -m recent ! -s 10.0.0.0/24 -i eth0 --dport 22 --state NEW -j DROP --update --seconds 60 --hitcount 2 --name DEFAULT --rsource
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

]]> http://k3mist.com/linux/howto-prevent-and-block-repeat-failed-connections-to-ssh-with-iptables/feed/ 0 Howto allow outgoing ftp connections in iptables http://k3mist.com/linux/howto-allow-outgoing-ftp-connections-in-iptables/ http://k3mist.com/linux/howto-allow-outgoing-ftp-connections-in-iptables/#comments Thu, 30 Jul 2009 18:24:55 +0000 k3mist http://k3mist.com/?p=149 From terminal, execute the following;
sudo modprobe ip_nat_ftp ports=21
sudo modprobe ip_conntrack_ftp

sudo iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -p tcp -m tcp -m state --dport 21 --state NEW -j ACCEPT
sudo iptables -A FORWARD -p tcp -m tcp -m state --sport 20 --state RELATED -j ACCEPT
sudo iptables -A FORWARD -p tcp -m tcp -m state --dport 1024:65535 --sport 1024:65535 --state RELATED -j ACCEPT

]]> From terminal, execute the following;
sudo modprobe ip_nat_ftp ports=21
sudo modprobe ip_conntrack_ftp

sudo iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -p tcp -m tcp -m state --dport 21 --state NEW -j ACCEPT
sudo iptables -A FORWARD -p tcp -m tcp -m state --sport 20 --state RELATED -j ACCEPT
sudo iptables -A FORWARD -p tcp -m tcp -m state --dport 1024:65535 --sport 1024:65535 --state RELATED -j ACCEPT

]]> http://k3mist.com/linux/howto-allow-outgoing-ftp-connections-in-iptables/feed/ 0