Path: csiph.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: "Carlos E. R."
Newsgroups: comp.os.linux.misc
Subject: Re: Guaranteeing SSH access to specific clients
Date: Thu, 15 Dec 2022 18:09:33 +0100
Lines: 28
Message-ID:
References: <87bkoa7pne.fsf@usenet.ankman.de> <87ph6jxf5a.ln2@Telcontar.valinor>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Trace: individual.net dQn81XCx+tcca+cbp/mQpQ29jkSe9uDQrSVrQReuLenwNruSlD
Cancel-Lock: sha1:XxmMHRQpdoiD+6cs/pZ3sRiovKM=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.5.1
Content-Language: es-ES, en-CA
In-Reply-To:
Xref: csiph.com comp.os.linux.misc:36485

On 13/12/2022 09.36, Richard Kettlewell wrote:
> "Carlos E.R." writes:
>> On 2022-12-11 13:50, Robert Heller wrote:
>>> fail2ban programmably matches the logs to generate firewall rules (e.g.
>>> iptables, or whatever) for offending IP addresses.
>>
>> Yes, I know. But there are iptables rules that can do something similar
>> without reading or writing files, inside the kernel.
>>
>> I cannot say how to do that directly with iptables, but the old
>> SuSEfirewall2 thing did it:
>>
>> # Example:
>> # Allow max three ssh connects per minute from the same IP address:
>> # "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
>>
>> FW_SERVICES_ACCEPT_EXT= that
>
> That will rate-limit all SSH connections. It’s not the same as fail2ban
> which blocks source addresses that display malicious activity.

No, it rate limits only the IPs that attempted 3 connects per minute.
The 0/0 means it checks on all IPs.

-- 
Cheers,
       Carlos E.R.
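The per-source-IP limiting that the SuSEfirewall2 entry above describes can be expressed in plain iptables with the `xt_recent` match. The following script is an added example, not code from any poster in the thread and not SuSEfirewall2's own rule generator (the thread does not show what SuSEfirewall2 actually emitted). It parses one `FW_SERVICES_ACCEPT_EXT` entry of the form `net,proto,dport,sport,hitcount=N,blockseconds=S,recentname=NAME` and prints the equivalent two rules; it assumes the standard `-m recent` options (`--name`, `--rcheck`, `--seconds`, `--hitcount`, `--set`) and `-m conntrack --ctstate NEW`, so only new connection attempts count. Nothing is applied; the rules are only printed.

```shell
#!/bin/sh
# Added example: translate a SuSEfirewall2-style accept entry into iptables
# rules built on the xt_recent module. The recent list is per source address,
# so a client that opens more than N new connections within S seconds is
# dropped while other clients are unaffected.

# Usage: sfw2_to_iptables "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
sfw2_to_iptables() {
    spec=$1

    # Split the comma-separated fields (non-whitespace IFS keeps empty fields,
    # so the blank source-port field is preserved as an empty positional).
    oldifs=$IFS
    IFS=,
    set -- $spec
    IFS=$oldifs

    if [ $# -lt 4 ]; then
        printf 'need at least net,proto,dport,sport: %s\n' "$spec" >&2
        return 1
    fi
    net=$1; proto=$2; dport=$3; sport=$4
    shift 4

    hitcount=""; blockseconds=""; recentname=""
    for opt in "$@"; do
        case $opt in
            hitcount=*)     hitcount=${opt#hitcount=} ;;
            blockseconds=*) blockseconds=${opt#blockseconds=} ;;
            recentname=*)   recentname=${opt#recentname=} ;;
            *) printf 'unknown option: %s\n' "$opt" >&2; return 1 ;;
        esac
    done

    # Validate: both counters must be positive integers and the list needs a name.
    case $hitcount in     ''|*[!0-9]*) printf 'bad or missing hitcount\n' >&2; return 1 ;; esac
    case $blockseconds in ''|*[!0-9]*) printf 'bad or missing blockseconds\n' >&2; return 1 ;; esac
    if [ -z "$recentname" ]; then
        printf 'missing recentname\n' >&2
        return 1
    fi

    # 0/0 means "any source", so no -s match is emitted for it.
    match="-p $proto --dport $dport"
    if [ "$net" != "0/0" ]; then
        match="-s $net $match"
    fi
    if [ -n "$sport" ]; then
        match="$match --sport $sport"
    fi
    base="iptables -A INPUT $match -m conntrack --ctstate NEW -m recent --name $recentname"

    # Rule 1: if this source already has >= hitcount entries within the last
    # blockseconds, drop the new attempt. --rcheck only inspects the list;
    # --update would additionally refresh the timestamp, extending the block
    # for a source that keeps retrying.
    printf '%s --rcheck --seconds %s --hitcount %s -j DROP\n' "$base" "$blockseconds" "$hitcount"
    # Rule 2: otherwise record this attempt for the source and accept it.
    printf '%s --set -j ACCEPT\n' "$base"
}

# Print the translation of the exact entry quoted in the thread.
sfw2_to_iptables "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
```

With the entry from the thread, the first three new SSH connections from one address within 60 seconds reach the `--set` rule and are accepted; the fourth finds three entries in the `ssh` list and is dropped, while other addresses keep their own independent counters. Note that `xt_recent` keeps at most `ip_pkt_list_tot` timestamps per address (a module parameter, default 20), so `hitcount` values above that limit are rejected when the rule is loaded.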