Created
January 1, 2022 20:21
-
-
Save oferreiro/c61303c22e72869ef1cd3b1739ea53f5 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
*filter | |
:INPUT ACCEPT [0:0] | |
:FORWARD ACCEPT [0:0] | |
:OUTPUT ACCEPT [463:49013] | |
:sshDenied - [0:0] | |
:sshDoor - [0:0] | |
:sshGate - [0:0] | |
:sshPatio - [0:0] | |
:sshReport - [0:0] | |
:sshTagAbuser - [0:0] | |
:sshAllowed - [0:0] | |
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | |
-A INPUT -p icmp -j ACCEPT | |
-A INPUT -i lo -j ACCEPT | |
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j sshGate | |
-A sshDenied -m recent --remove --name ssh-check --rsource | |
-A sshDenied -m recent --remove --name ssh-abuser --rsource | |
-A sshDenied -m recent --remove --name ssh-denied --rsource | |
-A sshDenied -m recent --set --name ssh-denied --rsource -j DROP | |
-A sshDoor -m recent --rcheck --seconds 300 --hitcount 20 --rttl --name ssh-check --rsource -j sshReport | |
-A sshDoor -m recent --rcheck --seconds 60 --hitcount 4 --rttl --name ssh-check --rsource -j DROP | |
-A sshGate -m recent --rcheck --seconds 14400 --name ssh-allowed --rsource -j sshAllowed | |
-A sshGate -m recent --rcheck --name ssh-denied --rsource -j sshDenied | |
-A sshGate -m recent --rcheck --name ssh-check --rsource -j sshPatio | |
-A sshGate -m recent --rcheck --seconds 60 --reap --name ssh-knock --rsource | |
-A sshGate -m recent --rcheck --seconds 60 --hitcount 1 --rttl --name ssh-knock --rsource -j sshPatio | |
-A sshGate -m recent --set --name ssh-knock --rsource | |
-A sshGate -j DROP | |
-A sshPatio -m recent --remove --name ssh-knock --rsource | |
-A sshPatio -m recent --set --name ssh-check --rsource | |
-A sshPatio -j sshDoor | |
-A sshPatio -j ACCEPT | |
-A sshReport -m recent ! --rcheck --name ssh-abuser --rsource -j sshTagAbuser | |
-A sshReport -m recent --rcheck --seconds 300 --rttl --name ssh-abuser --rsource -j DROP | |
-A sshReport -m recent --update --name ssh-abuser --rsource | |
-A sshReport -m recent --rcheck --seconds 12000 --hitcount 18 --rttl --name ssh-abuser --rsource -j sshDenied | |
-A sshReport -j DROP | |
-A sshTagAbuser -m recent --set --name ssh-abuser --rsource -j DROP | |
-A sshAllowed -m recent --remove --name ssh-check --rsource | |
-A sshAllowed -j ACCEPT | |
COMMIT |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment