Posted by: Anonymous Coward
on March 30, 2007 07:16 PM
~# iptables -A INPUT -p tcp -m state --syn --state NEW --dport 22 -m limit --limit 1/minute --limit-burst 1 -j ACCEPT
~# iptables -A INPUT -p tcp -m state --syn --state NEW --dport 22 -j DROP
In a second example, iptables are set to allow only host 193.180.177.13 to connect to the SSH service. After three failed login tries, iptables allows the host only one login try per minute:
~# iptables -A INPUT -p tcp -s 193.180.177.13 -m state --syn --state NEW --dport 22 -m limit --limit 1/minute --limit-burst 1 -j ACCEPT
~# iptables -A INPUT -p tcp -s 193.180.177.13 -m state --syn --state NEW --dport 22 -j DROP
The only difference between the two sets of iptables commands is source IP address filtering.
So for the second set of filters the behaviour should be the same as for the first one for connections coming from the specified IP address.
a Mistake?
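As an added illustration (not part of the article or of the comment above), a Python model of how the `limit` match in the quoted rules behaves: iptables keeps one token bucket per rule, so every SYN that reaches the rule draws from the same one-per-minute allowance whatever its source, and the verdict depends only on SYN timing, never on whether a login attempt failed. The traffic is constructed; 198.51.100.7 is a documentation address standing in for any other host.

```python
# Added model of iptables' "-m limit" behaviour for the two rule sets quoted above.
# xt_limit keeps one token bucket per rule: every packet that reaches the rule
# draws from the same allowance, whatever its source address.

def new_limit_bucket(rate_per_sec, burst):
    """State for '--limit <rate> --limit-burst <burst>': the bucket starts full."""
    return {"rate": rate_per_sec, "burst": burst, "tokens": float(burst), "last": 0.0}

def limit_match(bucket, now):
    """Refill by elapsed time (capped at burst), then spend one token if available."""
    bucket["tokens"] = min(bucket["burst"],
                           bucket["tokens"] + (now - bucket["last"]) * bucket["rate"])
    bucket["last"] = now
    if bucket["tokens"] >= 1.0:
        bucket["tokens"] -= 1.0
        return True
    return False

def evaluate_ruleset(syns, source_filter=None):
    """Run SYNs (time_s, src_ip) through one rule set: ACCEPT if the limit
    matches, otherwise DROP. With a '-s' filter, packets from other hosts match
    neither rule and fall through to whatever follows in the INPUT chain.
    Nothing here looks at login outcome: only SYN timing is counted."""
    bucket = new_limit_bucket(1 / 60, 1)       # --limit 1/minute --limit-burst 1
    verdicts = []
    for t, src in syns:
        if source_filter is not None and src != source_filter:
            verdicts.append("FALLTHROUGH")
            continue
        verdicts.append("ACCEPT" if limit_match(bucket, t) else "DROP")
    return verdicts

# Constructed traffic: 193.180.177.13 is the host named in the article;
# 198.51.100.7 is a documentation address standing in for any other host.
SYNS = [
    (0.0, "198.51.100.7"),
    (5.0, "193.180.177.13"),
    (30.0, "198.51.100.7"),
    (90.0, "193.180.177.13"),
]

if __name__ == "__main__":
    # First set: the other host's SYN at t=0 drains the shared bucket, so the
    # named host is dropped at t=5. Second set: the other host never reaches
    # the rule, so the named host's SYN at t=5 is accepted.
    print("first set :", evaluate_ruleset(SYNS))
    print("second set:", evaluate_ruleset(SYNS, source_filter="193.180.177.13"))
```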