[tor-relays] anyone else getting sync floods from russia?

lists at for-privacy.net
Mon Feb 22 00:01:25 UTC 2021


On 21.02.2021 12:12, Toralf Förster wrote:

> Would an iptables rule with "recent" and "limit" be a solution here?
> If yes, how do you use that (do you have a code snippet)?

Example SSH:

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

## Drop incoming connections which make more than 4 connection attempts upon port 22 within ten minutes
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name ssh --set
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name ssh --update --seconds 600 --hitcount 4 -j DROP

## To list these damned IP's: 'nano /proc/net/xt_recent/ssh' or
## 'cat /proc/net/xt_recent/ssh > recent-ssh.txt'

Multiport example:
# Up to 15 ports can be specified. A port range (port:port) counts as two ports.
# Drop incoming connections which make more than 10 connection attempts upon ports x-y within 1 minute
-A INPUT -p tcp -m multiport --dports xx:yy -m state --state NEW -m recent --name syfloo --set
-A INPUT -p tcp -m multiport --dports xx:yy -m state --state NEW -m recent --name syfloo --update --seconds 60 --hitcount 10 -j DROP

Be sure to look for
ip_list_tot: number of IPs to remember per list
cat /sys/module/xt_recent/parameters/ip_list_tot

nifty must increase to 10000 ;-)


https://ipset.netfilter.org/iptables-extensions.man.html
--connlimit-upto & --connlimit-above look interesting too.

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
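Added example, not part of Marco's post: a small shell helper that reads an xt_recent list such as /proc/net/xt_recent/ssh and reports how many remembered packets (the stamps that --hitcount is compared against) each source address has, so you can see who is near the threshold before they are dropped. The sample lines are constructed in the kernel's proc-file layout; the function and variable names are my own.

```shell
#!/bin/sh
# Added example: summarise an xt_recent list (e.g. /proc/net/xt_recent/ssh).
# Each line has the form written by the kernel's recent_seq_show:
#   src=<ip> ttl: <n> last_seen: <jiffies> oldest_pkt: <idx> <stamp>, <stamp>, ...
# Every stamp after "oldest_pkt:" is one remembered packet for that address,
# and that stamp count is what "--update --hitcount N" checks.

# Constructed sample standing in for the real proc file.
SAMPLE_RECENT='src=203.0.113.5 ttl: 54 last_seen: 4295123456 oldest_pkt: 1 4295100000, 4295110000, 4295120000, 4295123456
src=198.51.100.9 ttl: 60 last_seen: 4295123000 oldest_pkt: 1 4295123000
src=192.0.2.77 ttl: 48 last_seen: 4295123300 oldest_pkt: 2 4295100100, 4295123300'

# recent_hits MIN_HITS < list : print "ip hits" for every source with at
# least MIN_HITS remembered packets, most hits first.
recent_hits() {
    awk -v min="$1" '
        /^src=/ {
            ip = substr($1, 5)                 # drop the "src=" prefix
            hits = 0
            for (i = 1; i <= NF; i++)          # stamps start after oldest_pkt: <idx>
                if ($i == "oldest_pkt:") { hits = NF - i - 1; break }
            if (hits >= min) printf "%s %d\n", ip, hits
        }' | sort -k2,2nr
}

# recent_hit_count IP < list : print the stamp count for a single address.
recent_hit_count() {
    awk -v want="$1" '
        /^src=/ && substr($1, 5) == want {
            for (i = 1; i <= NF; i++)
                if ($i == "oldest_pkt:") { print NF - i - 1; exit }
        }'
}

# Demo: sources already at the hitcount 4 used in the SSH rule above.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_RECENT" | recent_hits 4
fi
```

Run it against the live list with `recent_hits 4 < /proc/net/xt_recent/ssh` (or pass `--demo` to use the constructed sample).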
