SSH Brute Force Protection (iptables)

For our first tutorial on SSH brute force protection we will use the iptables method. This is very easy to do with the following iptables commands:

iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -A INPUT -p udp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 30 --hitcount 3 -m limit --limit 10/minute -j LOG --log-level notice --log-prefix "SSH-ATTACK : "
iptables -A INPUT -p udp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 30 --hitcount 3 -m limit --limit 10/minute -j LOG --log-level notice --log-prefix "SSH-ATTACK : "
iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 30 --hitcount 3 -j DROP
iptables -A INPUT -p udp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 30 --hitcount 3 -j DROP

You will of course need to replace '--dport 22' with your sshd port if it is not 22, and edit '-i eth0' to match your network interface. The rules log attacks to syslog; once you have confirmed they work, save your configuration so it survives a reboot.
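The script below is an added example, not code from the original post. It wraps the same recent-module rate limit in a small POSIX shell script that takes the port and interface as parameters, appends each rule only if it is not already present (so re-running it does not duplicate rules), and adds a helper that summarises the "SSH-ATTACK : " syslog lines per source address. It assumes the legacy iptables CLI with the recent, state, limit and LOG extensions, and it differs from the page's rules in two labelled ways: it emits TCP rules only, because SSH does not use UDP, and it names the recent list (--name SSH) so it does not share the DEFAULT list with any other -m recent rules on the host. The sample log lines are constructed, not real captures.

```shell
#!/bin/sh
# Added example (not from the original post): parameterised SSH brute-force
# rate limiting with iptables, idempotent rule installation, and a summary
# of the resulting syslog lines. Assumptions: legacy iptables CLI, rules are
# appended to INPUT as on the page, LOG output lands in the kernel log.

# Run iptables for real only when APPLY=1; otherwise print the command
# (dry run), which also lets the script be inspected without root.
ipt() {
    if [ "${APPLY:-0}" = 1 ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# Append a rule only if it is not already in the chain.
# `iptables -C` exits 0 when an identical rule exists.
ensure_rule() {
    if [ "${APPLY:-0}" = 1 ] && iptables -C "$@" 2>/dev/null; then
        return 0
    fi
    ipt -A "$@"
}

# Install the three rules for sshd on PORT/IFACE. SSH is TCP only, so no
# UDP rules are emitted. "--name SSH" (assumption, not on the page) keeps
# this list separate from other -m recent users.
install_ssh_rules() {
    port="$1"; iface="$2"
    ensure_rule INPUT -p tcp --dport "$port" -i "$iface" -m state --state NEW \
        -m recent --name SSH --set
    ensure_rule INPUT -p tcp --dport "$port" -i "$iface" -m state --state NEW \
        -m recent --name SSH --update --seconds 30 --hitcount 3 \
        -m limit --limit 10/minute \
        -j LOG --log-level notice --log-prefix "SSH-ATTACK : "
    ensure_rule INPUT -p tcp --dport "$port" -i "$iface" -m state --state NEW \
        -m recent --name SSH --update --seconds 30 --hitcount 3 -j DROP
}

# Read syslog on stdin, keep only lines written by the LOG rule, and print
# "count ip" per source address, busiest first. Non-matching lines
# (normal sshd messages, other kernel output) are ignored.
summarize_attacks() {
    grep 'SSH-ATTACK : ' \
        | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# Constructed sample log lines in the kernel LOG format (not real captures).
SAMPLE_LOG='Jan  1 12:00:01 host kernel: SSH-ATTACK : IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51234 DPT=22 SYN
Jan  1 12:00:03 host kernel: SSH-ATTACK : IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51235 DPT=22 SYN
Jan  1 12:00:09 host kernel: SSH-ATTACK : IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40000 DPT=22 SYN
Jan  1 12:00:10 host sshd[123]: Accepted publickey for alice from 192.0.2.55 port 50000 ssh2'

# Dry run for the page's defaults; set APPLY=1 and run as root to install.
install_ssh_rules 22 eth0
printf '%s\n' "$SAMPLE_LOG" | summarize_attacks
```

Without APPLY=1 the script only prints the iptables commands it would run, so you can check the port and interface before touching the firewall. Because the rules are appended to INPUT, an earlier rule that already ACCEPTs port 22 (or ESTABLISHED,RELATED traffic with a blanket ACCEPT before it) will prevent them from ever being evaluated, so confirm their position with `iptables -L INPUT -n --line-numbers`. Once the rules behave as expected, persist them with `iptables-save` to whatever location your distribution restores at boot.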

This entry was posted in Linux Guides.