The only problem with this script, is that you will no longer see
hundreds of endless ssh attempts in your logs. It is quite sad to
seeing all those attempts being DROPPED like a bad habit.

This script I think came another source, perhaps the Linux Journal website? I forget. Anyways I did not make up these iptable rules, but they sure work mighty fine.



-------------------

#!/bin/sh
#limit incoming connections to port 22 to 2 per minute

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP

'-m recent' should be usable, except it doesn't keep state in a reusable way, nor does it allow for logging. I would suggest using any of the already 'combat proven' apps around.

OT, and not to spread FUD, but from my experience what it definately is *not* good for is when you're tracking a *huge* amount of SYN's per IP per second. Even with adequate memory on board, adjusted module loading arguments, lowering lifespan for entries and applied to specific Iptables rules it became CPU and memory intensive to the point the box needed a three finger salute.

You can log with the recent module i have set up logging rules a few days ago and works fine.