

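In the first example, if a user enters the wrong password, access to the SSH service is blocked for one minute, and the user gets only one login try per minute from that moment on:

~# iptables -A INPUT -p tcp -m state --syn --state NEW --dport 22 -m limit --limit 1/minute --limit-burst 1 -j ACCEPT
~# iptables -A INPUT -p tcp -m state --syn --state NEW --dport 22 -j DROP

iptables evaluates rules in the order they were appended, so the rate-limited ACCEPT rule has to come before the DROP rule; with the DROP rule first, every new SSH connection would be dropped and the limit would never be consulted.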
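The limit match in these rules keeps a single token bucket for the whole rule, so it helps to see which connection attempts it actually lets through. The Python model below is an added example, not code from the original article or from iptables; the class and function names are hypothetical, and the timestamps and source addresses are constructed sample input.

```python
# Added example: simplified model of the iptables `limit` match, not kernel code.
PERIOD = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


class LimitMatch:
    """One token bucket per rule, shared by every source address."""

    def __init__(self, limit, burst):
        count, unit = limit.split("/")
        self.rate = int(count)          # credit gained per second
        self.cost = PERIOD[unit]        # credit spent by one matching packet
        self.cap = burst * self.cost    # --limit-burst caps stored credit
        self.credit = self.cap          # the bucket starts full
        self.last = None

    def matches(self, now):
        if self.last is not None:
            gained = (now - self.last) * self.rate
            self.credit = min(self.cap, self.credit + gained)
        self.last = now
        if self.credit < self.cost:
            return False
        self.credit -= self.cost
        return True


def filter_syns(events, limit="1/minute", burst=1):
    """Apply rule 1 (rate-limited ACCEPT), then rule 2 (DROP), to each SYN."""
    bucket = LimitMatch(limit, burst)
    return [(t, src, "ACCEPT" if bucket.matches(t) else "DROP")
            for t, src in events]


# Constructed sample input: (seconds, source address) of new SSH connections.
SAMPLE = [
    (0, "198.51.100.7"),    # first attempt uses the only token
    (5, "198.51.100.7"),    # retry inside the same minute
    (20, "203.0.113.9"),    # a different client, same shared bucket
    (61, "203.0.113.9"),    # bucket refilled after 60 s
    (90, "198.51.100.7"),
    (125, "198.51.100.7"),
]

if __name__ == "__main__":
    for t, src, verdict in filter_syns(SAMPLE):
        print(f"t={t:>3}s  {src:<13}  {verdict}")
```

The third event shows the caveat: a second client is dropped because the first one already emptied the bucket, so one noisy source can keep legitimate users out. Limiting per source address needs a per-source match such as `hashlimit` or `recent` instead.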

You can use the /second, /minute, /hour, or /day switch in any of the following examples. You can also use different iptables parameters to limit connections to the SSH service for specific time periods.

You are setting an idle timeout interval in seconds (300 secs = 5 minutes). After this interval has passed, the idle user will be automatically kicked out (read as logged out).
