Tuts4Tech » iptables

IPTables and Bashrc Aliases

RCP — Sun, 30 Aug 2009 10:59:07 +0000

We all know IPTables can be difficult. By adding the following lines to your ~/.bashrc you can simplify the tasks of blocking packets from a certian ip.

First your going to need to install IPTables:
Gentoo: emerge iptables (Must be Root to use/install iptables)
Ubuntu/Debian: sudo apt-get install iptables

Then edit your .bashrc file and add the following

alias blockedips="iptables -L"
alias blockip="iptables -I INPUT -j DROP -s "
alias unblockip="iptables -D INPUT -j DROP -s "

Reload your .bashrc by running source .bashrc and you should then be able to run the commands below

blockedips - Will Show all Blocked hosts
blockip IP-HERE - Will Block that ip
unblockip IP-HERE - Unblocks that ip

Stopping SSH brute force attacks using iptables

Duffy — Thu, 09 Apr 2009 11:08:52 +0000

If your running a SSH server on the default port(22) you've probably noticed a lot of failed login attempts cause due to brute force attacks

Adding the following to your IP tables will only allow 3 connections at once from any IP if it goes above 3 then that IP is locked out for 3minutes. At this stage the bot running the attack will either give up as its getting no reply from the SSH server or it will keep trying until it finishes its wordlist

iptables -I INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource

iptables -I INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 180 --hitcount 4 --name DEFAULT --rsource -j DROP