From bee682345ad91e97b6724a92777898344a7a93fd Mon Sep 17 00:00:00 2001
From: Christian Dresel
Date: Thu, 27 Oct 2016 13:50:21 +0200
Subject: [PATCH] Increase SSH Connection Limit
Signed-off-by: Christian Dresel
Reviewed-by: Jan Kraus
Reviewed-by: Tim Niemeyer
---
src/packages/fff/fff-firewall/Makefile | 2 +-
.../fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/packages/fff/fff-firewall/Makefile b/src/packages/fff/fff-firewall/Makefile
index 80d562f..5f6751c 100644
--- a/src/packages/fff/fff-firewall/Makefile
+++ b/src/packages/fff/fff-firewall/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-firewall
-PKG_VERSION:=1
+PKG_VERSION:=2
 PKG_RELEASE:=1
 PKG_BUILD_DIR:=$(BUILD_DIR)/fff-firewall
diff --git a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
index 7fd4e30..d5cc07a 100644
--- a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
+++ b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
@@ -2,6 +2,6 @@ iptables -A INPUT -i $IF_WAN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 iptables -A INPUT -i $IF_WAN -j REJECT
-# Limit ssh to 3 new connections per 60 seconds
+# Limit ssh to 6 new connections per 60 seconds
 /usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name dropbear
-/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name dropbear -j DROP
+/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name dropbear -j DROP
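Review bot: The updated comment in 20-filter-ssh says 6 new connections per 60 seconds, but the `--set` rule runs ahead of the `--update ... --hitcount 6` rule, so the packet being tested is already counted and the sixth new connection from a source is the first one dropped; only five get through. I would make the comment match the behaviour, e.g. `# Drop new ssh connections from a source once it reaches 6 within 60 seconds (5 are accepted)`, or use `--hitcount 7` if six accepted connections is the intent. Every attempt is recorded before it is dropped, so a client that keeps retrying while blocked keeps extending the block, which is worth a line in the comment for anyone debugging lockouts of automated tooling. Both rules are added with ip6tables only; whether IPv4 ssh is rate-limited elsewhere is not visible in this hunk and should be confirmed. For consistency with the `-m conntrack --ctstate` match on the iptables lines above, `-m state --state NEW` could be written as `-m conntrack --ctstate NEW`.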