On 04/12/2013 09:25 AM, Michael Torrie wrote:
> iptables itself can also do rate-limiting of connections. For example,
> here're rules that rate-limit ssh attempts:
>
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
>
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent \
>   --update --seconds 60 --hitcount 10 -j LOG --log-prefix "ssh blocked: 10+ in 60s "
>
> iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent \
>   --update --seconds 60 --hitcount 10 -j DROP
>
> I'm not entirely sure if this solution is as good as fail2ban, but I've
> used it for a while now on my public-facing server for ssh and DNS.
The primary advantage fail2ban would have over your iptables filters is being able to differentiate successful and failed logins.

Corey

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
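As an added illustration of the difference Corey points out (example code, not from the thread or from either tool): a Python simulation of the quoted `recent` rules next to a log-based, fail2ban-style counter, run over constructed traffic. The window and threshold mirror the quoted `--seconds 60 --hitcount 10`; reusing them as the log-based findtime/maxretry, and the addresses, are assumptions.

```python
from collections import defaultdict, deque

# Assumed parameters, mirroring the quoted rules: --seconds 60 --hitcount 10.
WINDOW_SECONDS = 60
HITCOUNT = 10


def recent_match_drops(events, window=WINDOW_SECONDS, hitcount=HITCOUNT):
    """Simulate the quoted chain: '-m recent --set' records every NEW
    connection, then '--update --seconds N --hitcount M -j DROP' matches
    once the source has M or more hits inside the last N seconds. The login
    outcome is invisible to the packet filter, so it is ignored here.
    Returns the (t, ip) connections the DROP rule would match."""
    stamps = defaultdict(deque)
    dropped = []
    for t, ip, _outcome in events:
        stamps[ip].append(t)                      # --set: this packet counts too
        hits = sum(1 for s in stamps[ip] if t - s < window)
        if hits >= hitcount:                      # --update --seconds --hitcount
            dropped.append((t, ip))
    return dropped


def fail2ban_style_bans(events, findtime=WINDOW_SECONDS, maxretry=HITCOUNT):
    """Simulate a log-based filter: only authentication failures count, and a
    source is banned once it reaches maxretry failures within findtime.
    Returns the (t, ip) at which each ban would be triggered."""
    failures = defaultdict(deque)
    banned, bans = set(), []
    for t, ip, outcome in events:
        if ip in banned or outcome != "failed":
            continue                              # successful logins never count
        q = failures[ip]
        q.append(t)
        while t - q[0] >= findtime:               # slide the findtime window
            q.popleft()
        if len(q) >= maxretry:
            banned.add(ip)
            bans.append((t, ip))
    return bans


# Constructed sample traffic (documentation-range addresses, not real logs):
# an admin's deployment script opens 12 successful sessions in 33 seconds
# while another host makes 10 failed guesses over the same minute.
ADMIN, GUESSER = "192.0.2.10", "198.51.100.7"
SAMPLE_EVENTS = sorted([(3 * i, ADMIN, "ok") for i in range(12)]
                       + [(5 * i + 1, GUESSER, "failed") for i in range(10)])

if __name__ == "__main__":
    print("recent-match drops:", recent_match_drops(SAMPLE_EVENTS))
    print("log-based bans:", fail2ban_style_bans(SAMPLE_EVENTS))
```

The packet-level rule starts dropping the admin's own sessions at the tenth connection, while the log-based counter bans only the host that keeps failing.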