Iptables SSH brute-force protection

The following iptables rules help increase the overall security of a Linux server by limiting SSH brute-force attempts and port scanning.

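# SSH brute-force protection
# Record the source address of every new connection to the SSH port in the "recent" list.
/sbin/iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --set
# Drop new SSH connections from an address seen 10 or more times in the last 60 seconds.
/sbin/iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 -j DROP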

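# Protection against port scanning
# Create a dedicated chain; it only takes effect once a rule in another chain jumps to it.
/sbin/iptables -N port-scanning
# Let TCP RST packets return to the calling chain at up to 1 per second (burst of 2).
/sbin/iptables -A port-scanning -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s --limit-burst 2 -j RETURN
# Drop every other packet that reaches this chain.
/sbin/iptables -A port-scanning -j DROP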
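
The timing behaviour of the two SSH rules above, as an added Python model (not part of the original article, and a simplified sketch of the `recent` match rather than kernel code). It shows that the tenth new connection inside 60 seconds is the first one dropped, and that each dropped attempt is itself recorded, so a source that keeps retrying stays blocked. The function name, the sample addresses and the traffic are constructed for illustration.

```python
from collections import defaultdict

SECONDS, HITCOUNT = 60, 10            # --seconds 60 --hitcount 10, as in the rules above

def verdicts(attempts):
    """Simplified model of the two SSH rules (illustrative, not kernel code).

    attempts: (time_in_seconds, source_ip) pairs for NEW packets to the SSH port,
    in time order. Returns one verdict per packet: "DROP", or "PASS" when the
    packet falls through to whatever rules follow.
    """
    stamps = defaultdict(list)        # per-source timestamps, like the "recent" list
    out = []
    for now, src in attempts:
        stamps[src].append(now)       # rule 1: --set always records the packet
        # rule 2: count this source's entries from the last SECONDS seconds
        recent = [t for t in stamps[src] if t >= now - SECONDS]
        if len(recent) >= HITCOUNT:
            recent.append(now)        # --update refreshes the entry when it matches
            out.append("DROP")
        else:
            out.append("PASS")
        stamps[src] = recent          # older entries no longer affect the count
    return out

# Constructed traffic; addresses are from the RFC 5737 documentation ranges.
SCANNER, ADMIN = "203.0.113.5", "198.51.100.7"
BURST = [(t, SCANNER) for t in range(12)]                 # 12 attempts, 1 per second
SLOW = [(t * 10, SCANNER) for t in range(30)]             # 1 attempt every 10 s
BURST_THEN_SLOW = BURST[:10] + [(19 + 10 * i, SCANNER) for i in range(20)]
BURST_THEN_QUIET = BURST[:10] + [(70, SCANNER)]           # silent for 61 s, then retry
MIXED = BURST[:10] + [(9, ADMIN)]                         # another source during the block

if __name__ == "__main__":
    for name in ("BURST", "SLOW", "BURST_THEN_SLOW", "BURST_THEN_QUIET", "MIXED"):
        print(f"{name:17}", " ".join(v[0] for v in verdicts(globals()[name])))
```

In the model, one attempt every 10 seconds never reaches the threshold, yet the same pace after a burst keeps the source blocked until it stays silent for more than 60 seconds. Automation that opens many SSH sessions from one address in a minute would trip the rule in the same way.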
