Simulate fail2ban Using iptables (for SSH only)

Fellow HN reader spindritf shared a tip for simulating something similar to fail2ban, a tool that bans IP addresses showing malicious intent. It is useful when you don't want to install fail2ban. My main issue with fail2ban is that I sometimes accidentally ban myself after several login failures.

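# Log sources that already have 4 or more hits in the "SSH" list within the last 180 seconds.
-A INPUT -p tcp -m tcp --dport 22 -m recent --update --seconds 180 --hitcount 4 --rttl --name SSH --rsource -j LOG --log-prefix "ssh brute force: "

# Drop packets from those same sources.
-A INPUT -p tcp -m tcp --dport 22 -m recent --update --seconds 180 --hitcount 4 --rttl --name SSH --rsource -j DROP

# Otherwise record each new SSH connection in the "SSH" list and accept it.
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource -j ACCEPT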
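
To see what these rules do to a single source address, the following Python model replays connection attempts through them. It is an added example, not part of the original tip: it covers only NEW connections from one source, ignores --rttl, and the name simulate and all timestamps are constructed for illustration. It shows that the rules count connections rather than failed logins, and that retrying while blocked keeps the block alive.

```python
# Model (an assumption of this example) of how the three rules treat NEW
# connections to port 22 from one source. Times are seconds, ascending.
WINDOW = 180    # --seconds 180
HITCOUNT = 4    # --hitcount 4


def simulate(syn_times):
    """Return "ACCEPT" or "DROP" for each connection attempt."""
    stamps = []      # timestamps held in the "SSH" recent list for this source
    verdicts = []
    for t in syn_times:
        verdict = None
        # Rules 1 (LOG) and 2 (DROP) carry the same --update match. Each rule
        # that matches records a timestamp; LOG does not stop traversal.
        for target in ("LOG", "DROP"):
            hits = sum(1 for s in stamps if s >= t - WINDOW)
            if hits >= HITCOUNT:
                stamps.append(t)
                if target == "DROP":
                    verdict = "DROP"
        if verdict is None:
            # Rule 3: --set records the attempt, then the packet is accepted.
            stamps.append(t)
            verdict = "ACCEPT"
        verdicts.append(verdict)
    return verdicts


if __name__ == "__main__":
    # Constructed scenarios; every attempt counts, successful login or not.
    scenarios = {
        "fast guessing, one try every 10 s": [0, 10, 20, 30, 40, 50],
        "own burst of 5, then wait 190 s": [0, 5, 10, 15, 20, 210],
        "own burst of 5, retry every ~60 s": [0, 5, 10, 15, 20, 80, 140, 210],
        "slow source, one try every 61 s": [0, 61, 122, 183, 244],
    }
    for name, times in scenarios.items():
        print(f"{name}: {simulate(times)}")
```

The second and third scenarios are the self-lockout case: five quick connections of your own trip the rule, and only staying quiet until the window empties gets you back in.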

To this day, I still can't read and use iptables properly, even with the explainshell tool, and I still try my best to avoid it. Maybe one day I will force myself to really learn it.
