Only three SSH connections from the same IP address within one hour (@forandever)
The recent match module records the source addresses it has seen in a list under /proc/net/ipt_recent/*, one file per list name; entries in that list can be managed by hand (see the end of this note).
With that list, limit each source IP address to three new SSH connections per hour:
iptables -A INPUT -p tcp --dport 22 --syn -m recent --rcheck --seconds 3600 --hitcount 3 --rttl --name SSH --rsource -j DROP
iptables -A INPUT -p tcp --dport 22 --syn -m recent --set --name SSH --rsource -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Note the rule order:
the recent --rcheck ... -j DROP rule must come first, and the recent --set -j ACCEPT rule after it; with --set first, every new connection would be recorded before it is ever checked against the limit.
# Rules for unlocking a blocked address
iptables -A INPUT -p tcp --dport 1600 --syn -j LOG --log-prefix "ssh_conn_unlocked"
iptables -A INPUT -p tcp --dport 1600 --syn -m recent --remove --name SSH --rsource -j REJECT --reject-with icmp-host-unreachable
Usage: telnet linux.host 1600 (where linux.host is the SSH server); the connection is rejected, but the client's address is removed from the SSH list.
TCP port 1600 can be changed to any unused TCP port.
In /proc/net/ipt_recent/*, a rule that does not set --name uses the list named DEFAULT.
Example:
# Add an IP address to the DEFAULT list (xx.xx.xx.xx is a placeholder)
echo xx.xx.xx.xx > /proc/net/ipt_recent/DEFAULT
# Remove an IP address from the DEFAULT list
echo -xx.xx.xx.xx > /proc/net/ipt_recent/DEFAULT
# Clear the DEFAULT list
echo clear > /proc/net/ipt_recent/DEFAULT
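The following script is an added example, not part of the original note: it generates the rule set above in the required order (rcheck/DROP before set/ACCEPT, then the unlock rules) from parameters, and it parses a recent-module list to show which source addresses --rcheck would currently match. The list sample is constructed here; it follows the layout of /proc/net/xt_recent/SSH (the directory name on kernels from 2.6.28 on; older kernels use /proc/net/ipt_recent), but uses plain seconds instead of kernel jiffies as timestamps. Nothing in it calls iptables, so it runs offline.

```shell
#!/bin/sh
# Added example (not the original note's code). Builds the SSH rate-limit rules
# in the order the note requires and checks a recent-module list offline.

# Print the rules for limiting new SSH connections per source address.
# Arguments: ssh_port window_seconds hitcount unlock_port
# The --rcheck/DROP rule is emitted before the --set/ACCEPT rule on purpose:
# with --set first, the address would be recorded before it is ever checked.
ssh_limit_rules() {
    port=$1; window=$2; hits=$3; unlock=$4
    cat <<EOF
iptables -A INPUT -p tcp --dport $port --syn -m recent --rcheck --seconds $window --hitcount $hits --rttl --name SSH --rsource -j DROP
iptables -A INPUT -p tcp --dport $port --syn -m recent --set --name SSH --rsource -j ACCEPT
iptables -A INPUT -p tcp --dport $port -j ACCEPT
iptables -A INPUT -p tcp --dport $unlock --syn -j LOG --log-prefix "ssh_conn_unlocked"
iptables -A INPUT -p tcp --dport $unlock --syn -m recent --remove --name SSH --rsource -j REJECT --reject-with icmp-host-unreachable
EOF
}

# Constructed sample of a recent-module list in the /proc/net/xt_recent/SSH
# layout. Real entries carry kernel jiffies; these timestamps are plain seconds.
# 198.51.100.7 has three hits, but its oldest one is outside a 3600 s window.
SAMPLE_RECENT='src=198.51.100.7 ttl: 64 last_seen: 5000 oldest_pkt: 3 1000,4800,5000
src=203.0.113.9 ttl: 58 last_seen: 4990 oldest_pkt: 3 4100,4500,4990
src=192.0.2.3 ttl: 64 last_seen: 4000 oldest_pkt: 1 4000'

# Print the source addresses that --rcheck --seconds WINDOW --hitcount HITS
# would match at time NOW: at least HITS timestamps within the last WINDOW
# seconds. Arguments: hits window now; the list text is read from stdin.
over_limit() {
    hits=$1; window=$2; now=$3
    awk -v hits="$hits" -v window="$window" -v now="$now" '
        {
            src = $1; sub(/^src=/, "", src)
            line = $0
            sub(/.*oldest_pkt: [0-9]+ */, "", line)   # keep only the timestamps
            n = split(line, ts, /, */)
            recent = 0
            for (i = 1; i <= n; i++) if (ts[i] + window >= now) recent++
            if (recent >= hits) print src
        }'
}

# Run the check against the constructed sample so the result can be examined.
sample_over_limit() {
    printf '%s\n' "$SAMPLE_RECENT" | over_limit "$1" "$2" "$3"
}

# When run as a script: show the generated rules, then the addresses that are
# currently blocked with hitcount 3 and a one-hour window at "time" 5000.
ssh_limit_rules 22 3600 3 1600
sample_over_limit 3 3600 5000
```

Only 203.0.113.9 is reported for a one-hour window at time 5000: 198.51.100.7 also has three entries, but one of them is older than the window and --rcheck --seconds ignores it, which is the behaviour that lets a blocked address recover on its own after an hour.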
@ Forandever 2010-3-16