On 02/14/2018 10:36 PM, David Woodhouse wrote:
On Wed, 2018-02-14 at 12:34 -0700, Philip Prindeville wrote:
Once I was messing with firewall settings and accidentally disabled
the firewall.  Within a few minutes, there were all sorts of password
attacks on the WAN port.  Having a sufficiently complex password
slowed things down long enough for me to re-secure the box.
Pfft. If you had a half-decent password, the box was always secure.

If you really care, perhaps roll something like this (which I have in
my /etc/firewall.user) into the default configuration:

for PROTO in iptables ip6tables ; do
    for TABLE in forwarding_rule input_rule; do
       $PROTO -A $TABLE -p tcp --dport 22 --syn -m recent --name SSH --rcheck --hitcount 
4 --seconds 60 -j LOG --log-prefix "SSH_BRUTE "
       $PROTO -A $TABLE -p tcp --dport 22 --syn -m recent --name SSH --update 
--hitcount 4 --seconds 60 -j REJECT --reject-with tcp-reset
       $PROTO -A $TABLE -p tcp --dport 22 --syn -m recent --name SSH --set -j 

You have the same "problem" with external access via HTTPS, surely? Are
you planning to ban password access to that too?

Just change the WAN ssh port number to something in the dynamic port range, pretty much 0 bots scan beyond the few well-known ports range, and you save CPU resources too.


Lede-dev mailing list

Reply via email to