sethur/firmware
1
0
Fork 0
forked from freifunk-franken/firmware
Code Issues Pull Requests Packages Projects Releases Wiki Activity
52e15e072c
firmware/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
Fabian Blaese 52e15e072c fff-firewall: Remove ssh firewall on WAN interface 
This firewall was introduced as a countermeasure for very slow routers
directly connected to the internet without any firewall.

Our routers have got quite a bit faster since then. Also, a setup like
this is highly uncommon, especially for slower routers.

Therefore this firewall rule is removed.

Fixes: #138
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
[bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-15 13:05:49 +02:00

4 lines
304 B
Plaintext
Raw Blame History

# Limit ssh to 6 new connections per 60 seconds
/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name dropbear
/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name dropbear -j DROP
Reference in New Issue View Git Blame Copy Permalink