Differences

This shows you the differences between two versions of the page.

--- linux:firewall [2010/12/29 10:16]
greebo
+++ linux:firewall [2010/12/30 12:54]
greebo
@@ Line 2: / Line 2: @@
 [[linux:firewall_blocktor| how to block TOR network in realtime]]\\
 [[http://www.fs-security.com/|FS security]]\\
 <code bash |>
@@ Line 27: / Line 26: @@
 # path to iptables and iproute2 files
 IPTB="/sbin/iptables"
 IP="/sbin/ip"
 # name of our Internet and intranet interfaces
-#
 # use INTRANET="eth1+" or INTERNET="eth0+"
 # if you have more ifaces (example: eth0:0)  towards Intranet/Internet
@@ Line 102: / Line 99: @@
         $IPTB -A ssh-access -s $sshhostese -j ACCEPT
         done
- # Connection limit for SSH connections (1 connection per minute) - usefull against ssh scanners if you MUST open SSH for every IP!
+ # Connection limit for SSH connections (1 connection per minute PER source IP)
- # it is wise to use sshaccess input table (TRUSTED_HOSTS)
+ # - usefull against ssh scanners if you MUST open SSH for every IP!
-$IPTB -A ssh-access -m limit --limit 1/minute --limit-burst 1 -j ACCEPT
+$IPTB -A ssh-access -m hashlimit --hashlimit 1/minute --hashlimit-burst 1 --hashlimit-mode srcip --hashlimit-name ssh -j ACCEPT
 $IPTB -A ssh-access -j DROP
 # ssh
@@ Line 201: / Line 198: @@
 # thou shall NOT block ALL ICMP, but only allow usefull ICMP types to pass trough
-$IPTB -A INPUT -p icmp --icmp-type 0  -m limit --limit 30/second -j ACCEPT
+$IPTB -A INPUT -p icmp --icmp-type 0  -m hashlimit --hashlimit 10/second --hashlimit-burst 1 --hashlimit-mode srcip --hashlimit-name icmp0 -j
+#$IPTB -A INPUT -p icmp --icmp-type 0  -m limit --limit 30/second -j ACCEPT
 $IPTB -A INPUT -p icmp --icmp-type 3  -m limit --limit 30/second -j ACCEPT
 $IPTB -A INPUT -p icmp --icmp-type 4  -m limit --limit 30/second -j ACCEPT