I am really tired of writing my own iptables scripts and have therefore been using shorewall for quite a while. In squeeze there was a major update to a recent shorewall version (4.4.11.* at the moment of writing). Install it with

apt-get install shorewall

which automatically uses shorewall-perl as backend (for those who still know shorewall-shell). I am using /usr/share/doc/shorewall/examples/one-interface as the basis for the configuration. I will not explain the classical shorewall configuration but concentrate on a few specialities.

SSH brute force attacks

Some of you might know the Limit and Whitelist example scripts from Jürgen Kreileder. In recent shorewall versions you do not need the self-written Limit actions, as several mechanisms for limiting connection rates are built in. Simply add to the rules file

ACCEPT    net    $FW    tcp     22    -    -   2/min:3

Adjust the rate (2/min) and the burst counter (3) as you like; new SSH connections beyond that limit no longer match the ACCEPT rule and fall through to the net to $FW policy.
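To make the semantics of that column concrete, here is an added Python model (not shorewall's own code) of the token bucket behind the iptables limit match that shorewall generates for the RATE column; the arrival times are constructed sample values, and the burst default of 5 is the iptables default.

```python
# Added illustration, not shorewall code: model the RATE column "2/min:3".
# Shorewall turns it into an iptables "limit" match, a token bucket that
# holds `burst` tokens and refills at `rate`; a new connection matches the
# ACCEPT rule only if a token is left. Attempts that find the bucket empty
# fall through to the net->$FW policy (DROP in the one-interface example).

UNIT_SECONDS = {"sec": 1, "min": 60, "hour": 3600, "day": 86400}


def parse_rate(spec):
    """Parse a shorewall RATE column such as '2/min:3' into
    (tokens_per_second, burst). Burst defaults to 5 (iptables default)."""
    rate_part, _, burst_part = spec.partition(":")
    count, unit = rate_part.split("/")
    if unit not in UNIT_SECONDS:
        raise ValueError("unknown rate unit: %s" % unit)
    burst = int(burst_part) if burst_part else 5
    return int(count) / UNIT_SECONDS[unit], burst


class TokenBucket:
    """Simplified model of the iptables 'limit' match; starts full."""
    def __init__(self, tokens_per_second, burst):
        self.rate = tokens_per_second
        self.burst = burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now):
        # Refill for the elapsed time, but never above the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(spec, arrival_times):
    """True/False per new SSH connection attempt, times in seconds."""
    bucket = TokenBucket(*parse_rate(spec))
    return [bucket.allow(t) for t in arrival_times]


if __name__ == "__main__":
    # Constructed sample: four quick attempts, then two later ones.
    times = [0, 1, 2, 3, 33, 40]
    for t, ok in zip(times, simulate("2/min:3", times)):
        print("t=%3ds %s" % (t, "ACCEPT" if ok else "no match -> policy"))
```

With 2/min:3 the first three attempts are accepted at once, the fourth is not, and one more token becomes available every 30 seconds.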
