Saturday, August 9, 2008

How To Limit New Incoming Connections With Iptables (Slackware)

Any Linux box with iptables installed can apply this scenario.

One day I had to add a rule to my iptables to control new incoming connections on my Slackware box. This was needed because my server had started receiving many unwanted incoming connections from outside: floods on my telnet port every minute were filling up my log. I needed a smart way to manage it. After searching Google for a while I found some resources that resolved my situation.

Let me share it with you all.

Tested on Slackware 12.0 with iptables v1.3.8; it works properly.

Here it is:

1. Illustration:
We need a rule that allows only 2 new connections per 60 seconds into our Linux system from the same source address, for security reasons.

2. Code:
# iptables -I INPUT -p tcp --dport 23 -i eth1 -m state --state NEW -m recent --set
# iptables -I INPUT -p tcp --dport 23 -i eth1 -m state --state NEW -m recent --update \
    --seconds 60 --hitcount 2 -j DROP


3. Brief Explanation:
- The first line matches any new connection to port 23 from a source address and adds that source address to the recent module's default list (named DEFAULT).

- The second line makes the Linux box unavailable for new incoming connections on port 23 from any source address that has already made 2 new connections to port 23 in the last 60 seconds.

Note:
Some more work is needed for advanced rules. These iptables rules are effective when applied to the TCP protocol. Other protocols have not been tested yet. I haven't found the right and effective method to test these rules with protocols other than TCP. When you do, please notify me of the results.
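To see how the two rules behave over time, here is a small added simulation (my own model of the recent match's sliding window, not kernel code and not from the original post) that replays constructed NEW-connection timestamps from two source addresses through the rules above, in the order -I leaves them in the INPUT chain:

```python
# Model of the "-m recent --set" / "--update --seconds 60 --hitcount 2" pair.
# Hypothetical simulation written for illustration; constants follow the rules above.
from collections import defaultdict

SECONDS = 60    # --seconds 60
HITCOUNT = 2    # --hitcount 2
LIST_TOT = 20   # timestamps kept per address (recent module default)

class RecentList:
    """One 'recent' list: source address -> timestamps of recorded hits."""
    def __init__(self):
        self.stamps = defaultdict(list)

    def _record(self, src, now):
        self.stamps[src].append(now)
        del self.stamps[src][:-LIST_TOT]   # keep only the newest LIST_TOT stamps

    def rule_set(self, src, now):
        """--set: add the address to the list and record this packet."""
        self._record(src, now)

    def rule_update(self, src, now):
        """--update --seconds S --hitcount N: match when the address is listed and
        at least N recorded hits fall within the last S seconds. A match also
        records the current packet, so a steady flood keeps the window open."""
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= SECONDS)
        if hits >= HITCOUNT:
            self._record(src, now)
            return True
        return False

def filter_new_connections(conns):
    """conns: list of (time_in_seconds, src). Returns (time, src, verdict) tuples.
    Both rules were added with -I, so the DROP rule (added last) is checked first."""
    rl = RecentList()
    verdicts = []
    for now, src in sorted(conns):
        if rl.rule_update(src, now):        # rule 2: too many recent hits -> DROP
            verdicts.append((now, src, "DROP"))
            continue
        rl.rule_set(src, now)               # rule 1: remember this allowed attempt
        verdicts.append((now, src, "ACCEPT"))
    return verdicts

# Constructed sample: 10.0.0.5 hammers telnet, 10.0.0.9 connects twice, far apart.
SAMPLE = [(0, "10.0.0.5"), (10, "10.0.0.5"), (20, "10.0.0.5"), (50, "10.0.0.5"),
          (80, "10.0.0.5"), (110, "10.0.0.5"), (200, "10.0.0.5"),
          (5, "10.0.0.9"), (130, "10.0.0.9")]

if __name__ == "__main__":
    for when, src, verdict in filter_new_connections(SAMPLE):
        print(f"t={when:3d}s {src} {verdict}")
```

The replay shows the third attempt from 10.0.0.5 dropped and the host staying blocked while it keeps retrying every 30 seconds, because each dropped packet is recorded too; it is accepted again only once fewer than 2 of its attempts fall inside the previous 60 seconds.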

Good luck, and happy trying.

References: google.com, iptables howto, debian firewall howto, etc.
Thanks to the Indonesian Linuxer Community. Bravo!
