iptables stop people who make too many connections in a time period

It's a simple trick: iptables can count how many new connections an address opens within a time window and block it once that count crosses a threshold. For example:

iptables -N SSH_CHECK
# only packets opening a new SSH connection go through the check
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
# record a timestamp for the source address in the "SSH" list
iptables -A SSH_CHECK -m recent --set --name SSH
# drop when the address has 4 or more timestamps within the last 60 seconds
iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP

So the fourth new connection from the same IP within 60 seconds gets dropped; three get through. A few things to keep in mind: the DROP rule uses --update, which refreshes the address's entry each time it matches, so a client that keeps retrying stays blocked until it has been quiet long enough for its timestamps to age out of the 60 second window. A packet that survives SSH_CHECK just returns to INPUT, so your normal ACCEPT rule for port 22 still has to come after the jump. --hitcount cannot exceed the xt_recent module's ip_pkt_list_tot parameter (default 20) unless you reload the module with a larger value. You can watch the list fill up in /proc/net/xt_recent/SSH.
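To see how the recent match actually counts, here is an added example that is not part of the original post: a small shell/awk model of the --set then --update --seconds 60 --hitcount 4 pair above, run over a constructed list of connection attempts. The addresses and timestamps are made up. The model follows the counting rule of the module (each attempt records a timestamp, the hit count includes the attempt being checked, and a matching --update records a second timestamp) but ignores the per-entry stamp cap ip_pkt_list_tot.

```shell
#!/bin/sh
# Added example: a simplified model of
#   -m recent --set --name SSH
#   -m recent --update --seconds S --hitcount N -j DROP
# Each connection attempt is "<epoch-seconds> <source-ip>", in arrival order.
# Not the post's code; the timeline below is constructed, not captured traffic.

# recent_sim SECONDS HITCOUNT < attempts ; prints "<t> <ip> ACCEPT|DROP" per attempt
recent_sim() {
    awk -v win="$1" -v hits="$2" '
    NF == 2 {
        t = $1 + 0; ip = $2
        # --set: record a timestamp for this address (creates the entry on first sight)
        n[ip]++; stamp[ip, n[ip]] = t
        # --update --seconds win --hitcount hits: count timestamps still inside the
        # window; the one just written by --set is included, so the Nth attempt matches
        c = 0
        for (i = 1; i <= n[ip]; i++) if (stamp[ip, i] >= t - win) c++
        if (c >= hits) {
            # --update refreshes the entry when it matches, so a dropped attempt
            # leaves a second timestamp behind and keeps the client blocked longer
            n[ip]++; stamp[ip, n[ip]] = t
            print t, ip, "DROP"
        } else {
            print t, ip, "ACCEPT"
        }
        # (the real module caps stamps per entry at ip_pkt_list_tot, default 20,
        #  and --hitcount may not exceed that; not modelled here)
    }'
}

# Constructed timeline: 203.0.113.10 bursts SSH connections and then retries,
# 198.51.100.7 is a normal client connecting twice about a minute apart.
sample_attempts() {
    cat <<'EOF'
0 203.0.113.10
5 203.0.113.10
7 198.51.100.7
10 203.0.113.10
15 203.0.113.10
40 203.0.113.10
65 198.51.100.7
120 203.0.113.10
EOF
}

# Just the verdict column, space separated, for easy comparison
verdicts() {
    sample_attempts | recent_sim 60 4 | awk '{ printf "%s%s", (NR > 1 ? " " : ""), $3 }'
}

sample_attempts | recent_sim 60 4
```

Running it shows the fourth connection at t=15 dropped, the retry at t=40 still dropped (the two dropped attempts each left two timestamps), the normal client untouched, and the attacker accepted again at t=120 only because every earlier timestamp had aged out of the 60 second window. Shrink the window to 10 seconds and nothing in this timeline is dropped.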
