Port-forwarded SSH (or whatever) rate limit & drop

Discussion in 'Tomato Firmware' started by DimBulb, Feb 13, 2014.

  1. DimBulb

    DimBulb Reformed Router Member

    Adapted from http://www.rackaid.com/blog/how-to-block-ssh-brute-force-attacks/

    Not sure if I put it in the right location/table (comments welcome). I have SSH port forwarded to my Debian box, and I wanted to move a rule that was currently on the Debian box to the router. Had a bit of trouble with it and didn't see it on a forum search. Posting it here for posterity.

    Can be pasted into firewall scripts and it will be properly reapplied on reboot, after the Tomato iptables are set up.

    Code:
    # Record every new connection to the forwarded SSH port in the recent list named "SSH"
    iptables -t nat -I PREROUTING -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
    # From the 3rd new connection within 3600 s from the same source: log it (--update also refreshes the last-seen time) ...
    iptables -t nat -I PREROUTING 2 -p tcp -m tcp --dport 22 -m recent --update --seconds 3600 --hitcount 3 --name SSH -j LOG --log-prefix "SSH drop "
    # ... and drop it (LOG is non-terminating, so the same packet reaches this rule)
    iptables -t nat -I PREROUTING 3 -p tcp -m tcp --dport 22 -m recent --update --seconds 3600 --hitcount 3 --name SSH -j DROP
     
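    As an added example (not part of DimBulb's post or of Tomato), a small busybox-compatible shell script for reviewing what the LOG rule above produces: it summarises "SSH drop " entries per source address from syslog/logread output and lists the sources currently held in the recent list. The sample log lines are constructed, and the `logread` command and the /proc path of the recent list are assumptions about the router.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the LOG target's output
# reaches syslog (busybox `logread`) and that the recent list is exposed at
# /proc/net/xt_recent/SSH or, on older kernels, /proc/net/ipt_recent/SSH.

# Count LOG hits per source for the given prefix (default "SSH drop "),
# reading log text from stdin. Output: "<count> <src>", highest count first.
ssh_drop_summary() {
    prefix="${1:-SSH drop }"
    grep -F -- "$prefix" | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' \
        | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Print only the sources dropped at least N times (default 1).
ssh_drop_sources_over() {
    threshold="${1:-1}"
    ssh_drop_summary "$2" | awk -v n="$threshold" '$1 >= n { print $2 }'
}

# Extract the tracked source addresses from recent-list text on stdin
# (each entry starts with "src=<addr> ttl: ... last_seen: ... oldest_pkt: ...").
recent_list_sources() {
    sed -n 's/^src=\([0-9.]*\).*/\1/p'
}

# Convenience wrapper for the live router (assumed paths, not run here).
recent_list_show() {
    for f in /proc/net/xt_recent/SSH /proc/net/ipt_recent/SSH; do
        [ -r "$f" ] && { recent_list_sources < "$f"; return 0; }
    done
    echo "recent list SSH not found" >&2; return 1
}

# Constructed sample of what logread shows when the LOG rule fires.
SAMPLE_LOG='Feb 13 20:01:02 tomato kernel: SSH drop IN=vlan2 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=55012 DPT=22 SYN
Feb 13 20:01:09 tomato kernel: SSH drop IN=vlan2 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=55013 DPT=22 SYN
Feb 13 20:02:40 tomato kernel: SSH drop IN=vlan2 OUT= SRC=198.51.100.44 DST=198.51.100.2 PROTO=TCP SPT=41000 DPT=22 SYN
Feb 13 20:03:00 tomato kernel: ACCEPT IN=vlan2 OUT=br0 SRC=192.0.2.9 DST=192.168.1.10 PROTO=TCP DPT=22 SYN'

# Constructed sample of the recent-list file contents.
SAMPLE_RECENT='src=203.0.113.7 ttl: 51 last_seen: 4367758 oldest_pkt: 3 4367700, 4367730, 4367758
src=192.0.2.9 ttl: 64 last_seen: 4367000 oldest_pkt: 1 4367000'

# On the router: logread | ssh_drop_summary ; recent_list_show
printf '%s\n' "$SAMPLE_LOG" | ssh_drop_summary
```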
  2. Porter

    Porter LI Guru Member

    Tomato already has rules like that and I think they are in the default config. You can find them under Administration/Admin Access/Admin Restrictions.
     
  3. DimBulb

    DimBulb Reformed Router Member

    IIUC, that's for restricting access to the router's SSH, not an internal machine.
     
  4. Porter

    Porter LI Guru Member

    Ok, seems I got that mixed up. Disregard my comment.
     