
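{
    # Template fragment: appends iptables rules for SSH auto-blocking to $OUT.
    #
    # Reads three settings from the 'sshd' configuration record:
    #   AutoBlockTries  - connection attempts allowed in the window (default 4)
    #   AutoBlockTime   - window length in seconds (default 900)
    #   TCPPort         - port the sshd listens on (default 22)
    #
    # The values are interpolated unquoted into shell command lines, so each
    # one is accepted only if it matches a strict allow-list; anything else
    # (including a shell metacharacter) is replaced by the default so the
    # generated script cannot be altered by a malformed config value.
    # NOTE(review): ${'sshd'} and $OUT are provided by the template engine,
    # not by this fragment — verify against the expander if reusing elsewhere.
    my $abtries   = ${'sshd'}{'AutoBlockTries'} || "4";
    my $abtime    = ${'sshd'}{'AutoBlockTime'}  || "900";
    my $sshd_port = ${'sshd'}{'TCPPort'}        || "22";

    # --hitcount and --seconds only accept integers.
    $abtries = "4"   unless $abtries =~ m{\A\d+\z};
    $abtime  = "900" unless $abtime  =~ m{\A\d+\z};
    # --dport also accepts a service name, so allow word characters and '-'.
    $sshd_port = "22" unless $sshd_port =~ m{\A[\w-]+\z};

    $OUT .=<<"EOF";
# Create a whitelist
/sbin/iptables --new-chain SSH_Whitelist
/sbin/iptables --new-chain SSH_Whitelist_1
/sbin/iptables --append SSH_Whitelist -j SSH_Whitelist_1
# Use recent packets match to block SSH from sites generating
# $abtries connections within $abtime seconds
# Check/clear IP block status in /proc/net/xt_recent/SSH
/sbin/iptables --new-chain SSH_Autoblock
# First check if not whitelisted
/sbin/iptables --append SSH_Autoblock --proto tcp --dport $sshd_port \\
-m state --state NEW -j SSH_Whitelist
/sbin/iptables --append SSH_Autoblock -m recent --set --name SSH
/sbin/iptables --append SSH_Autoblock -m recent --rcheck --rttl \\
--seconds $abtime --hitcount $abtries --name SSH -j denylog
EOF
}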