
Port-forwarded SSH (or whatever) rate limit & drop

Discussion in 'Tomato Firmware' started by DimBulb, Feb 13, 2014.

  1. DimBulb

    DimBulb Reformed Router Member

    Adapted from http://www.rackaid.com/blog/how-to-block-ssh-brute-force-attacks/

    Not sure if I put it in the right location/table (comments welcome). I have SSH port forwarded to my Debian box, and I wanted to move a rule that was currently on the Debian box to the router. I had a bit of trouble with it and didn't see it in a forum search. Posting it here for posterity.

    Can be pasted into firewall scripts and it will be properly reapplied on reboot, after the Tomato iptables are set up.

    Code:
    # 1) record every new connection to port 22 in the "SSH" recent list (inserted at position 1)
    iptables -t nat -I PREROUTING -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
    # 2) log a source that has hit the list 3 times within the last hour; --update also refreshes its timestamp, so an attacker that keeps trying stays blocked
    iptables -t nat -I PREROUTING 2 -p tcp -m tcp --dport 22 -m recent --update --seconds 3600 --hitcount 3 --name SSH -j LOG --log-prefix "SSH drop "
    # 3) then drop it; nat PREROUTING only sees the first packet of a connection, so --state NEW is implicit here
    iptables -t nat -I PREROUTING 3 -p tcp -m tcp --dport 22 -m recent --update --seconds 3600 --hitcount 3 --name SSH -j DROP
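
    The LOG rule above only helps if someone reads what it writes. The following script is an added example, not part of DimBulb's post or of Tomato: it summarises the "SSH drop " lines the rule emits into the router's syslog so you can see which source addresses are being rate-limited and how often. The log lines, the addresses in them and the function names (`ssh_drop_summary`, `summarise_sample`, `sample_drop_count`) are constructed for the example; the field layout (`SRC=`, `DPT=` and so on) is the usual netfilter LOG format.

```shell
#!/bin/sh
# Added example (not from the thread): summarise "SSH drop " LOG lines.
# SAMPLE_LOG is a constructed sample; real lines come from the router's
# syslog (e.g. `logread` on a busybox-based build).
SAMPLE_LOG='Feb 13 10:01:07 tomato kern.warn kernel: SSH drop IN=vlan2 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51020 DPT=22 SYN
Feb 13 10:01:09 tomato kern.warn kernel: SSH drop IN=vlan2 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51021 DPT=22 SYN
Feb 13 10:02:30 tomato kern.warn kernel: SSH drop IN=vlan2 OUT= SRC=198.51.100.77 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40001 DPT=22 SYN
Feb 13 10:03:00 tomato kern.info kernel: some unrelated kernel message
Feb 13 10:03:12 tomato kern.warn kernel: SSH drop IN=vlan2 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51022 DPT=22 SYN'

# Read syslog lines on stdin, keep only the ones written by the LOG rule
# (matched on its --log-prefix), pull the SRC= field out of each and print
# "count address", most frequent source first.
ssh_drop_summary() {
    grep 'SSH drop ' | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) { sub(/^SRC=/, "", $i); hits[$i]++ }
    } END {
        for (ip in hits) print hits[ip], ip
    }' | sort -rn
}

# Run the summary over the constructed sample so the result is reproducible.
summarise_sample() {
    printf '%s\n' "$SAMPLE_LOG" | ssh_drop_summary
}

# Total number of drop events in the sample (unrelated lines are ignored).
sample_drop_count() {
    printf '%s\n' "$SAMPLE_LOG" | grep -c 'SSH drop '
}

summarise_sample
```

    On the sample this prints `3 203.0.113.5` followed by `1 198.51.100.77`; on a live router pipe the syslog into it instead (`logread | ssh_drop_summary`, assuming your build keeps the kernel log in busybox syslog). Two things worth checking alongside the log: the rules only write anything if the LOG target is available and logging is enabled in the firmware, and the current contents of the recent list itself can be read from `/proc/net/xt_recent/SSH` (older kernels use `/proc/net/ipt_recent/SSH`), which shows the addresses being tracked even before they reach the hit count.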
     
  2. Porter

    Porter LI Guru Member

    Tomato already has rules like that and I think they are in the default config. You can find them under Administration/Admin Access/Admin Restrictions.
     
  3. DimBulb

    DimBulb Reformed Router Member

    IIUC, that's for restricting access to the router's SSH, not an internal machine.
     
  4. Porter

    Porter LI Guru Member

    Ok, seems I got that mixed up. Disregard my comment.
     