Script iptables SSHlimit.sh
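#!/bin/sh
#
# Firewall rules to limit ssh incoming connections:
# allow at most 3 NEW connections to tcp/22 per 60 seconds from the same
# source IP; further attempts inside that window are dropped.
#
# Usage: SSHlimit.sh {start|stop|status}
#
# How the two rules interact: both are inserted with -I, so the DROP rule ends
# up ABOVE the --set rule in INPUT. A NEW connection is therefore first tested
# against the SSH_LIST recent table (dropped if the source already has 3 hits
# in the last 60 s) and only then recorded in the table.
#
# Caveats:
#  - Only iptables-legacy (IPv4) is touched; ssh over IPv6 is not rate-limited
#    by this script.
#  - Nothing here saves the rule set, so the rules do not survive a reboot.
#  - Modifying the firewall needs privileges; any iptables-legacy failure now
#    propagates into the exit status instead of being silently ignored.
PATH=/sbin:/bin:/usr/sbin:/usr/bin
RET_CODE=0

# The rule bodies are defined once so the start and stop branches cannot
# drift apart.
# Arguments: $1 - iptables chain command: -I (insert), -D (delete), -C (check)
ssh_rule_set() {
  iptables-legacy "$1" INPUT -p tcp --dport 22 -m state --state NEW \
    -m recent --set --name SSH_LIST
}

ssh_rule_drop() {
  iptables-legacy "$1" INPUT -p tcp --dport 22 -m state --state NEW \
    -m recent --update --seconds 60 --hitcount 3 --name SSH_LIST -j DROP
}

case "$1" in
start)
  # Idempotent: re-running start must not stack duplicate rules, because a
  # single stop removes only one copy of each. -C prints a "Bad rule" error
  # when the rule is absent, which is the expected case here, hence 2>/dev/null.
  if ssh_rule_set -C 2>/dev/null && ssh_rule_drop -C 2>/dev/null; then
    echo "SSH limit rules already installed" >&2
  else
    # Best-effort removal of a half-installed pair so the insertion order
    # below, and with it the DROP-above-set layout, is guaranteed.
    ssh_rule_drop -D 2>/dev/null
    ssh_rule_set -D 2>/dev/null
    # Insert --set first, then DROP on top of it; stop on the first failure
    # so the DROP rule is never installed without its --set partner.
    if ! ssh_rule_set -I || ! ssh_rule_drop -I; then
      RET_CODE=1
    fi
  fi
  ;;
stop)
  # Delete in reverse order of insertion; a failed delete is reported.
  ssh_rule_drop -D || RET_CODE=1
  ssh_rule_set -D || RET_CODE=1
  ;;
status)
  iptables-legacy -L -n --line-numbers || RET_CODE=1
  ;;
restart|reload|force-reload)
  echo "Error: argument '$1' not supported" >&2
  RET_CODE=1
  ;;
*)
  echo "Usage: $0 {start|stop|status}" >&2
  RET_CODE=1
  ;;
esac
exit "${RET_CODE}"
# End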