From 49bf540db4c6e11348ea2fbd536257e13efc02e9 Mon Sep 17 00:00:00 2001
From: Tim Niemeyer
Date: Sun, 27 Oct 2013 13:10:56 +0100
Subject: [PATCH] firewall.user: Filter ssh brute force attacks

Signed-off-by: Tim Niemeyer
---
 bsp/default/root_file_system/etc/firewall.user | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/bsp/default/root_file_system/etc/firewall.user b/bsp/default/root_file_system/etc/firewall.user
index d6a1931..fc2ba26 100755
--- a/bsp/default/root_file_system/etc/firewall.user
+++ b/bsp/default/root_file_system/etc/firewall.user
@@ -9,3 +9,6 @@ WAN=$(uci get network.wan.ifname)
 iptables -A INPUT -i $WAN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 iptables -A INPUT -i $WAN -j REJECT
+# Limit ssh to 3 new connections per 60 seconds
+/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name dropbear
+/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name dropbear -j DROP
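Review bot: Both added rules call `/usr/sbin/ip6tables`, so only IPv6 SSH is rate-limited; IPv4 connections to port 22 arriving on interfaces other than `$WAN` are not covered by anything visible in this hunk, and if that is not intended the same pair should be repeated with `iptables`. The comment also overstates the allowance: because the `--set` rule runs before `--update --hitcount 3`, the third new connection inside 60 seconds is already dropped, so either the comment should read `# Allow at most 2 new ssh connections per 60 seconds per source address (IPv6 only)` or the hitcount should be 4. The rules are appended with `-A`, so they only take effect if no earlier ip6tables INPUT rule already accepts port 22, which cannot be confirmed from this hunk. For consistency with the conntrack rule just above, `-m conntrack --ctstate NEW` would be preferable to the older `-m state --state NEW`.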