We are far away from the original topic. A new thread begins.

On 16 Apr 2006 at 18:34, Martin Hicks wrote:

> On Sat, Apr 15, 2006 at 12:42:15PM -0400, sberaud wrote:
> >
> > Adding the drop rule was made easy with Webmin, once I knew what I had
> > to do.
>
> Okay, so here's what I do. I use ipt_recent, which allows you to do
> <something> if someone tries to connect to you at a fairly high rate.
> This stops the brute force ssh attacks in their tracks.
>
> # Rate limit SSH -- avoid dictionary attacks
> iptables -A INPUT -p tcp --dport 22 -i $extdev -m state --state NEW -m recent \
>   --set
> iptables -A INPUT -p tcp --dport 22 -i $extdev -m state --state NEW -m recent \
>   --update --seconds 60 --hitcount 4 -j LOG
> iptables -A INPUT -p tcp --dport 22 -i $extdev -m state --state NEW -m recent \
>   --update --seconds 60 --hitcount 4 -j DROP

I would recommend moving sshd to listen on another higher, random port,
e.g. 12345.

Also, make use of the ssh config file to limit incoming connections to
known IP addresses.

And best of all, require the use of ssh keys to login, not passwords.

-- 
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php
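The quoted ipt_recent rules and the three sshd recommendations that follow them (non-default port, source-address restriction, keys instead of passwords) fit together as one small defender's toolkit. The script below is an added example written for this page, not code from either poster: it wraps the rate-limit rules in a function that prints them for review rather than applying them (the interface name eth0, the list name ssh and the function names are this example's own choices), and it audits an sshd_config file for the three settings Dan recommends. The sample configs it writes are constructed for the demonstration; the 192.0.2.x and 198.51.100.x addresses are documentation ranges, not real hosts.

```shell
#!/bin/sh
# Added example, not from the original thread. Generates the ipt_recent
# rate-limit rules as text and audits an sshd_config against: keys only,
# AllowUsers restricted to known source addresses, non-default port.

# Print the iptables rules for rate-limiting NEW SSH connections arriving on
# interface $1 to port $2: more than $3 new connections within $4 seconds from
# one source address are logged and dropped. Printing instead of executing
# lets you review the rules first; pipe the output into sh as root to apply.
# "--name ssh" keeps this tracking list separate from any other recent lists.
ssh_ratelimit_rules() {
    extdev=$1; port=$2; hits=$3; secs=$4
    cat <<EOF
iptables -A INPUT -p tcp --dport $port -i $extdev -m state --state NEW -m recent --name ssh --set
iptables -A INPUT -p tcp --dport $port -i $extdev -m state --state NEW -m recent --name ssh --update --seconds $secs --hitcount $hits -j LOG --log-prefix "SSH-RATELIMIT "
iptables -A INPUT -p tcp --dport $port -i $extdev -m state --state NEW -m recent --name ssh --update --seconds $secs --hitcount $hits -j DROP
EOF
}

# Effective value of directive $2 in sshd_config $1. sshd uses the FIRST
# occurrence of a keyword, so stop at the first match; keywords are
# case-insensitive. Commented-out lines never match because $1 starts with '#'.
# (Simplification: directives inside Match blocks are not treated specially.)
sshd_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Audit sshd_config $1. Returns 0 when all checks pass, 1 otherwise, and
# prints one line per finding. Defaults matter: an absent
# PasswordAuthentication means "yes", an absent Port means 22.
sshd_audit() {
    cfg=$1; rc=0
    pw=$(sshd_value "$cfg" PasswordAuthentication)
    [ "$pw" = "no" ] || { echo "FAIL: PasswordAuthentication is '${pw:-yes (default)}', want no"; rc=1; }
    pk=$(sshd_value "$cfg" PubkeyAuthentication)
    [ "${pk:-yes}" = "yes" ] || { echo "FAIL: PubkeyAuthentication is '$pk', want yes"; rc=1; }
    port=$(sshd_value "$cfg" Port)
    [ "${port:-22}" != "22" ] || { echo "FAIL: sshd listens on the default port 22"; rc=1; }
    # Known IPs only: require at least one AllowUsers user@host pattern.
    allow=$(awk 'tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) if ($i ~ /@/) print $i }' "$cfg")
    [ -n "$allow" ] || { echo "FAIL: no AllowUsers user@host restriction found"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $cfg passes the hardening checks"
    return "$rc"
}

# Constructed sample configs for the demonstration (not real server configs).
write_weak_config() {
    cat > "$1" <<'EOF'
# Stock-looking sshd_config: everything left at its default
#Port 22
#PasswordAuthentication yes
Subsystem sftp /usr/libexec/sftp-server
EOF
}

write_hardened_config() {
    cat > "$1" <<'EOF'
Port 12345
PubkeyAuthentication yes
PasswordAuthentication no
# Only this account, and only from these source addresses (documentation ranges)
AllowUsers dan@192.0.2.10 dan@198.51.100.0/24
Subsystem sftp /usr/libexec/sftp-server
EOF
}

# Demonstration on a constructed config; nothing here touches the live firewall.
demo=$(mktemp)
write_hardened_config "$demo"
sshd_audit "$demo"
ssh_ratelimit_rules eth0 12345 4 60
rm -f "$demo"
```

Run it as an ordinary user to see the audit result and the rules it would install; only the printed iptables lines need root, and only when you choose to apply them. The audit deliberately reads the first occurrence of each keyword, since that is what sshd does, so a hardened line appended below a permissive one would not take effect and is correctly reported as a finding.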