Comment on the weblog article: limit feature in iptables
#1 Re: limit feature in iptables
Posted by sneex (63.139.xx.xx) on Thu 28 Jun 2007 at 20:11

To expand upon this example a little, I like rules similar to these:

    -A RESERVED_NET_CHK -s 10.0.0.0/255.0.0.0 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "Class A address: " --log-level 6
    -A RESERVED_NET_CHK -s 172.16.0.0/255.240.0.0 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "Class B address: " --log-level 6
    -A RESERVED_NET_CHK -s 192.168.0.0/255.255.0.0 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "Class C address: " --log-level 6
    -A RESERVED_NET_CHK -s 169.254.0.0/255.255.0.0 -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "Class M$ address: " --log-level 6
    -A RESERVED_NET_CHK -s 10.0.0.0/255.0.0.0 -j DROP
    -A RESERVED_NET_CHK -s 172.16.0.0/255.240.0.0 -j DROP
    -A RESERVED_NET_CHK -s 192.168.0.0/255.255.0.0 -j DROP
    -A RESERVED_NET_CHK -s 169.254.0.0/255.255.0.0 -j DROP

    -A SPOOF_CHK -s 192.168.1.0/255.255.255.248 -i eth1 -j RETURN
    -A SPOOF_CHK -s 192.168.1.0/255.255.255.248 -i eth2 -j RETURN
    -A SPOOF_CHK -s 192.168.1.0/255.255.255.248 -m limit --limit 3/min -j LOG --log-prefix "Spoofed packet: " --log-level 6
    -A SPOOF_CHK -s 192.168.1.0/255.255.255.248 -j DROP
    -A SPOOF_CHK -s 10.0.0.0/255.255.255.248 -i eth1 -j RETURN
    -A SPOOF_CHK -s 10.0.0.0/255.255.255.248 -i eth2 -j RETURN
    -A SPOOF_CHK -s 10.0.0.0/255.255.255.248 -m limit --limit 3/min -j LOG --log-prefix "Spoofed packet: " --log-level 6
    -A SPOOF_CHK -s 10.0.0.0/255.255.255.248 -j DROP
    -A SPOOF_CHK -j RETURN

    -A SSH -m recent --set --name sshchk --rsource
    -A SSH -m limit --limit 2/min --limit-burst 1 -j LOG --log-prefix "SSH Brute force attack: " --log-level 6
    -A SSH -j DROP

(See apt-cache policy arno-iptables-firewall)

-Sx-
http://youve-reached-the.endoftheinternet.org/
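The rules in the comment above are chain bodies only; nothing shows how they are reached from INPUT, and the SSH chain as posted drops every packet sent to it, so it only makes sense as the target of a recent-match rule that fires after a burst. The script below is an added example (not sneex's code and not taken from arno-iptables-firewall) that emits a complete iptables-restore ruleset wiring the same three ideas together: rate-limited LOG then DROP for reserved source ranges on the WAN side only, an anti-spoofing chain that accepts an internal source address only on its own interface, and an SSH throttle driven by the recent match. Interface names (eth0 as WAN, eth1 as LAN, eth2 as DMZ), the /29 subnets, the SSH port and the 4-connections-in-60-seconds window are assumptions; override them through the environment variables at the top.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset for the three chains
# discussed in the comment.  Defaults below are assumptions for illustration.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/29}"
DMZ_IF="${DMZ_IF:-eth2}"
DMZ_NET="${DMZ_NET:-10.0.0.0/29}"
SSH_PORT="${SSH_PORT:-22}"

# Print one rule line; "$*" joins the arguments with single spaces.
rule() { printf '%s\n' "$*"; }

# The comment's pattern: a LOG limited to one line per minute, then DROP.
# $1 = chain, $2 = source CIDR, $3 = log prefix (quoted for iptables-restore)
log_and_drop() {
    rule -A "$1" -s "$2" -m limit --limit 1/min --limit-burst 1 \
         -j LOG --log-prefix "\"$3\"" --log-level 6
    rule -A "$1" -s "$2" -j DROP
}

# Private and link-local sources are never legitimate on the WAN interface.
# This chain is only jumped to for packets arriving on $WAN_IF (see
# input_rules), otherwise it would also kill the LAN's own 192.168.x traffic.
reserved_net_rules() {
    log_and_drop RESERVED_NET_CHK 10.0.0.0/8     "Reserved 10/8: "
    log_and_drop RESERVED_NET_CHK 172.16.0.0/12  "Reserved 172.16/12: "
    log_and_drop RESERVED_NET_CHK 192.168.0.0/16 "Reserved 192.168/16: "
    log_and_drop RESERVED_NET_CHK 169.254.0.0/16 "Link-local 169.254/16: "
    rule -A RESERVED_NET_CHK -j RETURN
}

# Anti-spoofing: a packet claiming one of our subnets as its source is fine
# only when it came in on that subnet's interface; anything else is logged
# (at most 3 lines/min) and dropped.
spoof_rules() {
    for pair in "$LAN_NET $LAN_IF" "$DMZ_NET $DMZ_IF"; do
        set -- $pair          # $1 = subnet, $2 = its interface
        rule -A SPOOF_CHK -s "$1" -i "$2" -j RETURN
        rule -A SPOOF_CHK -s "$1" -m limit --limit 3/min \
             -j LOG --log-prefix '"Spoofed packet: "' --log-level 6
        rule -A SPOOF_CHK -s "$1" -j DROP
    done
    rule -A SPOOF_CHK -j RETURN
}

# Target chain for an SSH source that exceeded the window: log sparingly, drop.
ssh_rules() {
    rule -A SSH_LIMIT -m limit --limit 2/min --limit-burst 1 \
         -j LOG --log-prefix '"SSH Brute force attack: "' --log-level 6
    rule -A SSH_LIMIT -j DROP
}

# INPUT: wire the chains in.  For SSH every NEW connection is recorded in the
# "sshchk" recent list; the 4th NEW connection from the same source within
# 60 s (and every later one inside the window) is sent to SSH_LIMIT.
input_rules() {
    rule -A INPUT -i lo -j ACCEPT
    rule -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    rule -A INPUT -i "$WAN_IF" -j RESERVED_NET_CHK
    rule -A INPUT -j SPOOF_CHK
    rule -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
         -m recent --set --name sshchk --rsource
    rule -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
         -m recent --update --seconds 60 --hitcount 4 --name sshchk --rsource \
         -j SSH_LIMIT
    rule -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
}

# Whole filter table in iptables-restore syntax; default policy DROP.
render_ruleset() {
    printf '*filter\n'
    printf ':INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    printf ':RESERVED_NET_CHK - [0:0]\n:SPOOF_CHK - [0:0]\n:SSH_LIMIT - [0:0]\n'
    input_rules
    reserved_net_rules
    spoof_rules
    ssh_rules
    printf 'COMMIT\n'
}

render_ruleset
```

Check the result without touching the live tables with `sh gen.sh | iptables-restore --test`, then load it with `iptables-restore`. Sources currently tracked by the SSH throttle can be inspected in /proc/net/xt_recent/sshchk. Because the LOG rule in SSH_LIMIT is itself limited to two lines per minute, a sustained brute-force attempt produces a steady trickle of log lines rather than one per dropped packet, which is the point of the limit match the article discusses.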