Iptables - limit incoming connection
Hello Guys!
I'd like to limit the number of ssh connections to my server.
I'd like to do it using the match limit, but I keep being kicked out. Any clue?
Here are my rules so far.
iptables -A INPUT -p tcp -s 0/0 --destination-port 22 -m limit --limit 3/s --limit-burst 5 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --destination-port 22 -j LOG --log-level debug --log-prefix "NETFILTER - SSH: "
iptables -A INPUT -p tcp -s 0/0 --destination-port 22 -j REJECT --reject-with tcp-reset
I have done this in the past, using connlimit/hashlimit, but I'd really want to do it using -m limit so I can learn something new.
# OLD RULES (BOTH WORKING)
# -m connlimit
iptables -A INPUT -p tcp -s 0/0 --destination-port 22 -m connlimit --connlimit-above 2 -j LOG --log-prefix "NETFILTER - CONNLIMIT: "
iptables -A INPUT -p tcp -s 0/0 --destination-port 22 -m connlimit --connlimit-above 2 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp -s 0/0 --destination-port 22 -j ACCEPT
# -m hashlimit
iptables -A INPUT -p tcp --dport 22 -m hashlimit --hashlimit-mode srcip --hashlimit-above 3/minute -j DROP
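Added example, not from the original poster: the same three-rule idea rewritten so that -m limit only counts connection attempts. The `-m limit` match counts every packet that reaches the rule, including the ACK and data packets of a session that was already accepted, so an interactive SSH session alone drains the 3/s bucket and the REJECT rule below it resets the connection. The fix assumes the conntrack match is available; the first argument is the command used to install the rules, so passing `echo` gives a dry run.

```shell
#!/bin/sh
# Rate-limit only NEW SSH connections with -m limit.
# Usage: ssh_limit_rules          (as root, installs with iptables)
#        ssh_limit_rules echo     (dry run: prints the rules instead)

ssh_limit_rules() {
    IPT="${1:-iptables}"

    # 1. Packets of sessions that were already accepted must bypass the
    #    limiter, otherwise the session's own traffic empties the bucket.
    "$IPT" -A INPUT -p tcp --dport 22 \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 2. Only connection attempts (conntrack state NEW) consume tokens:
    #    3 new sessions per second sustained, with a burst of 5.
    #    Note: -m limit keeps ONE global bucket, not one per source, so a
    #    single noisy client can exhaust it for everyone; hashlimit with
    #    --hashlimit-mode srcip is the per-source variant.
    "$IPT" -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
        -m limit --limit 3/s --limit-burst 5 -j ACCEPT

    # 3. Attempts over the limit are logged (the LOG rule is itself
    #    rate-limited so the log cannot be flooded) and then rejected.
    "$IPT" -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
        -m limit --limit 1/min -j LOG --log-level debug \
        --log-prefix "NETFILTER - SSH: "
    "$IPT" -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
        -j REJECT --reject-with tcp-reset
}
```

Run the dry run first and compare the output against `iptables -S INPUT` once installed; the ESTABLISHED,RELATED rule must come before the limited one or the session will still be reset.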