Limit the number of connections a host can make to sshd (3 in 60 seconds); if the limit is exceeded, new connections from that host are dropped (for 60 seconds). This seems to stop those pesky dictionary attacks.
My iptables script is /etc/networks/iptables and is run from /etc/networks/interfaces under the eth0 section like so:
pre-up /etc/networks/iptables
iptables script snippet:
# Create SSH chain
/sbin/iptables -N SSH
# Drop a NEW connection if this source already has 3 hits in the last 60 s
# (--update also records the current time, so retrying extends the block)
/sbin/iptables -A SSH -m state --state NEW -m recent --update \
--seconds 60 --hitcount 3 -j DROP
# Otherwise record this attempt for the source address, then accept it
/sbin/iptables -A SSH -p tcp -m state --state NEW -m recent --set
/sbin/iptables -A SSH -p tcp -j ACCEPT
# Jump ssh traffic to SSH chain
/sbin/iptables -A INPUT -p tcp --dport 22 -j SSH
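To see what those three rules actually enforce, here is an added Python model (not code from the original post) of the matching logic the `-m recent` rules rely on: `--set` records a timestamp for the source address, and `--update --seconds 60 --hitcount 3` matches when the address already has three stamps inside the last 60 seconds, adding one more stamp on each match. The per-address stamp limit follows the module's default of 20; the timeline of connection attempts and the addresses are constructed for the demonstration.

```python
from collections import defaultdict

# Parameters taken from the rules above: --seconds 60 --hitcount 3
WINDOW_SECONDS = 60
HITCOUNT = 3
MAX_STAMPS = 20  # xt_recent default (ip_pkt_list_tot): stamps kept per address


class RecentList:
    """Minimal model of one 'recent' list (the rules above use the DEFAULT list)."""

    def __init__(self, max_stamps=MAX_STAMPS):
        self.max_stamps = max_stamps
        self.stamps = defaultdict(list)  # src address -> timestamps of recorded packets

    def _record(self, src, now):
        # Both --set and a matching --update append a stamp; the per-address
        # list is a ring buffer, so the oldest stamp is discarded once it is full.
        stamps = self.stamps[src]
        stamps.append(now)
        if len(stamps) > self.max_stamps:
            del stamps[0]

    def match_set(self, src, now):
        """'-m recent --set': create the entry if needed, record now, always match."""
        self._record(src, now)
        return True

    def match_update(self, src, now, seconds, hitcount):
        """'-m recent --update --seconds S --hitcount N': match when the address has
        at least N stamps within the last S seconds. On a match the current time is
        recorded as a new stamp (that is what distinguishes --update from --rcheck)."""
        if src not in self.stamps:
            return False
        hits = sum(1 for ts in self.stamps[src] if now - ts <= seconds)
        if hits >= hitcount:
            self._record(src, now)
            return True
        return False


def ssh_chain(recent, src, now):
    """Walk the SSH chain for one NEW tcp/22 connection and return its verdict."""
    # -A SSH -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP
    if recent.match_update(src, now, WINDOW_SECONDS, HITCOUNT):
        return "DROP"
    # -A SSH -p tcp -m state --state NEW -m recent --set   (no target: only records)
    recent.match_set(src, now)
    # -A SSH -p tcp -j ACCEPT
    return "ACCEPT"


def run_timeline(attempts):
    """attempts: list of (seconds, src). Returns [(seconds, src, verdict), ...] in time order."""
    recent = RecentList()
    return [(t, src, ssh_chain(recent, src, t)) for t, src in sorted(attempts)]


# Constructed timelines (hypothetical addresses, not from the post):
# a client that hammers the port, and one that paces itself.
FAST_CLIENT = [(t, "192.0.2.10") for t in (0, 10, 20, 30, 60, 80, 100)]
SLOW_CLIENT = [(t, "192.0.2.20") for t in range(0, 301, 30)]  # one attempt every 30 s


if __name__ == "__main__":
    for t, src, verdict in run_timeline(FAST_CLIENT + SLOW_CLIENT):
        print(f"t={t:4d}s  {src:12s} {verdict}")
```

Running it shows the fast client's fourth attempt inside a minute is dropped, and each attempt made while still over the threshold adds a stamp, so a host that keeps retrying stays blocked until fewer than three of its stamps fall inside the last 60 seconds. The slow client, at one attempt every 30 seconds, is never dropped: the rules cap the per-address rate at a few attempts a minute, they do not stop slow guessing or guessing spread across many source addresses. On the box itself the current list can be read from /proc/net/xt_recent/DEFAULT (older kernels: /proc/net/ipt_recent/DEFAULT) to confirm which addresses are being tracked.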
Last-Modified: 2007-03-07 19:38:50