On Wed, 2018-02-14 at 12:34 -0700, Philip Prindeville wrote: > Once I was messing with firewall settings and accidentally disabled > the firewall. Within a few minutes, there were all sorts of password > attacks on the WAN port. Having a sufficiently complex password > slowed things down long enough for me to re-secure the box.
Pfft. If you had a half-decent password, the box was always secure. If you really care, perhaps roll something like this (which I have in my /etc/firewall.user) into the default configuration: for PROTO in iptables ip6tables ; do for TABLE in forwarding_rule input_rule; do $PROTO -A $TABLE -p tcp --dport 22 --syn -m recent --name SSH --rcheck --hitcount 4 --seconds 60 -j LOG --log-prefix "SSH_BRUTE " $PROTO -A $TABLE -p tcp --dport 22 --syn -m recent --name SSH --update --hitcount 4 --seconds 60 -j REJECT --reject-with tcp-reset $PROTO -A $TABLE -p tcp --dport 22 --syn -m recent --name SSH --set -j RETURN done done You have the same "problem" with external access via HTTPS, surely? Are you planning to ban password access to that too?
Description: S/MIME cryptographic signature
_______________________________________________ openwrt-devel mailing list firstname.lastname@example.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel