Prevention against brute-force attacks
Windows has a threshold-based account lockout policy that locks an account after a set number of failed attempts. Something similar is possible on UNIX/Linux through an iptables chain rule.
Here the admin sets iptables chain rules for a certain number of new login connections within a time window; a source that exceeds that number is blocked for the period the admin specifies. Note that the rule works on the connecting source address rather than on the user account, so every login from that address is affected.
Run the two commands below to set up the iptables chain rules for the lockout policy:
sudo iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
sudo iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 120 --hitcount 3 -j DROP
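As an added illustration (not part of the original page), the following Python simulation reproduces the xt_recent --set/--update matching logic so you can see which attempt the two rules above actually drop and how the block behaves while a source keeps retrying. The addresses and timings are constructed sample input.

```python
from collections import defaultdict, deque

# Added example: simulates the xt_recent logic behind the two rules
#   -m recent --set                                   (inserted first)
#   -m recent --update --seconds 120 --hitcount 3 -j DROP   (inserted second, so evaluated first)
# Each call represents one NEW SSH connection attempt; times are in seconds.

SECONDS = 120        # --seconds
HITCOUNT = 3         # --hitcount
PKT_LIST_TOT = 20    # xt_recent keeps at most ip_pkt_list_tot timestamps per address (module default)


class RecentList:
    """One named recent list (DEFAULT), keyed by source address like xt_recent."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, addr, now):
        # --set: create the entry or append a timestamp; the match always succeeds
        self.stamps[addr].append(now)
        return True

    def update(self, addr, now, seconds, hitcount):
        # --update --seconds N --hitcount H: match if the address already has at least
        # H timestamps newer than now - N; on a match the current packet is stamped too,
        # so a source that keeps retrying keeps extending its own block window
        if addr not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[addr] if t >= now - seconds)
        if hits >= hitcount:
            self.stamps[addr].append(now)
            return True
        return False


def ssh_chain(recent, addr, now):
    """Verdict of the INPUT chain for one NEW SSH attempt from addr at time now."""
    if recent.update(addr, now, SECONDS, HITCOUNT):
        return "DROP"
    recent.set(addr, now)        # no -j target: the packet continues to the chain policy
    return "ACCEPT"              # policy ACCEPT, as shown by iptables -L


def simulate(attempts):
    """attempts: list of (time, source address); returns one verdict per attempt."""
    recent = RecentList()
    return [ssh_chain(recent, addr, t) for t, addr in attempts]


if __name__ == "__main__":
    attempts = [(0, "198.51.100.7"), (10, "198.51.100.7"), (20, "198.51.100.7"),
                (30, "198.51.100.7"), (35, "203.0.113.9"), (125, "198.51.100.7"),
                (260, "198.51.100.7")]   # constructed: one noisy source, one quiet one
    for (t, addr), verdict in zip(attempts, simulate(attempts)):
        print(f"t={t:4d}s {addr:15s} {verdict}")
```

With --hitcount 3 the first three new connections in the window are accepted and the fourth is dropped; the retry at 125 s is still dropped because the dropped attempts refreshed the entry, and the address is only accepted again after it has been quiet long enough for fewer than three stamps to fall inside the trailing 120 s.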
If you also want to block ICMP echo requests (ping), use the command below.
sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
Check the resulting rules with iptables -L:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: UPDATE seconds: 120 hit_count: 3 name: DEFAULT side: source mask: 255.255.255.255
tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255
DROP icmp -- anywhere anywhere icmp echo-request
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
sudo service ssh restart
Install iptables-persistent so the rules are kept across reboots:
sudo apt-get install iptables-persistent
Ubuntu/Debian:
sudo su
iptables-save > /etc/iptables.rules
Arch/Manjaro:
sudo su
iptables-save > /etc/iptables/iptables.rules