It would be good to not forget about IPv6 too:
```bash
# cleanup
iptables -F
iptables -X SSH_CHECK
ip6tables -F
ip6tables -X SSH_CHECK

# set rules
iptables -N SSH_CHECK
iptables -A SSH_CHECK -m recent --set --name SSH
iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 2 --name SSH -j DROP
iptables -A SSH_CHECK -m recent --update --seconds 3600 --hitcount 10 --name SSH -j DROP
iptables -A SSH_CHECK -p tcp --dport 22 -j ACCEPT # accept packet if not previously dropped

ip6tables -N SSH_CHECK
ip6tables -A SSH_CHECK -m recent --set --name SSH
ip6tables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 2 --name SSH -j DROP
ip6tables -A SSH_CHECK -m recent --update --seconds 3600 --hitcount 10 --name SSH -j DROP
ip6tables -A SSH_CHECK -p tcp --dport 22 -j ACCEPT # accept packet if not previously dropped

iptables -A INPUT -p tcp -s 1.2.3.4 -j ACCEPT # whitelist your IP (replace 1.2.3.4)
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK # jump from INPUT to SSH_CHECK

# ip6tables rejects IPv4 source addresses, so the whitelist entry needs an IPv6 address
ip6tables -A INPUT -p tcp -s 2001:db8::1 -j ACCEPT # whitelist your IPv6 address (replace the placeholder 2001:db8::1)
ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK # jump from INPUT to SSH_CHECK
```
Thank you very much, I updated the snippet in the post 👍