26 lines
947 B
Plaintext
26 lines
947 B
Plaintext
{
|
|
my $abtries = ${'sshd'}{'AutoBlockTries'} || "4";
|
|
my $abtime = ${'sshd'}{'AutoBlockTime'} || "900";
|
|
my $sshd_port = ${'sshd'}{'TCPPort'} || "22";
|
|
|
|
$OUT .=<<"EOF";
|
|
# Create a whitelist
|
|
/sbin/iptables --new-chain SSH_Whitelist
|
|
/sbin/iptables --new-chain SSH_Whitelist_1
|
|
/sbin/iptables --append SSH_Whitelist -j SSH_Whitelist_1
|
|
|
|
# Use recent packets match to block SSH from sites generating
|
|
# $abtries connections within $abtime seconds
|
|
# Check/clear IP block status in /proc/net/xt_recent/SSH
|
|
/sbin/iptables --new-chain SSH_Autoblock
|
|
|
|
# First check if not whitelisted
|
|
/sbin/iptables --append SSH_Autoblock --proto tcp --dport $sshd_port \\
|
|
-m state --state NEW -j SSH_Whitelist
|
|
|
|
/sbin/iptables --append SSH_Autoblock -m recent --set --name SSH
|
|
/sbin/iptables --append SSH_Autoblock -m recent --rcheck --rttl \\
|
|
--seconds $abtime --hitcount $abtries --name SSH -j denylog
|
|
EOF
|
|
}
|