Limiting port connections on Linux

iptables: if a source opens more than 20 new connections to port 22 within 3600 seconds, drop its packets (similar to fail2ban):

iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --name SSHBAN --set
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --name SSHBAN --update --seconds 3600 --hitcount 20 -j DROP

Limiting connections per IP with firewalld direct rules (rate of new connections) and iptables connlimit (concurrent connections):

firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp --dport 22 -m state --state NEW -m recent --set
firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 1 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j REJECT --reject-with tcp-reset

iptables -A INPUT -p tcp --syn --dport 443 -m connlimit --connlimit-above 50 -j REJECT
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 50 -j REJECT
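The two `-m recent` rule pairs above (the SSHBAN pair and the firewalld pair) both rely on the same kernel semantics: `--set` records a timestamp for the source address, and `--update --seconds S --hitcount N` matches only when the address already has at least N recorded packets inside the last S seconds, recording the current packet as well when it matches. The following Python model is an added example, not code from the page or from the netfilter project; it replays the SSHBAN pair over constructed sample traffic (the source addresses, timestamps and the function names `RecentList`, `run_ssh_rules` and `summarize` are all assumptions made for this illustration). The per-address cap of remembered packets mirrors the kernel's `ip_pkt_list_tot` parameter, whose default is 20.

```python
from collections import deque


class RecentList:
    """Model of one xt_recent list (the --name SSHBAN list in the rules above).

    For each source address it keeps the timestamps of that address's most
    recent packets, capped at ip_pkt_list_tot entries (kernel default: 20);
    the oldest timestamp is overwritten once the cap is reached.
    """

    def __init__(self, ip_pkt_list_tot=20):
        self.cap = ip_pkt_list_tot
        self.entries = {}

    def set(self, src, now):
        # --set: create the entry if needed and record this packet's timestamp.
        self.entries.setdefault(src, deque(maxlen=self.cap)).append(now)

    def update(self, src, now, seconds, hitcount):
        # --update --seconds S --hitcount N: match only if the address is
        # already listed and at least N of its remembered packets fall within
        # the last S seconds. On a match the current packet is recorded too,
        # which is what lets a stream of retries keep the block alive.
        stamps = self.entries.get(src)
        if stamps is None:
            return False
        hits = sum(1 for t in stamps if now - t <= seconds)
        if hits >= hitcount:
            stamps.append(now)
            return True
        return False


def run_ssh_rules(events, seconds=3600, hitcount=20, ip_pkt_list_tot=20):
    """Apply the SSHBAN rule pair, in the order two `iptables -I` commands
    leave them (the --update/DROP rule sits above the --set rule), to new SSH
    connections given as (timestamp_in_seconds, source_ip) pairs.

    Returns one verdict per connection: "DROP", or "PASS" meaning the packet
    was recorded and continues down the INPUT chain.
    """
    sshban = RecentList(ip_pkt_list_tot)
    verdicts = []
    for now, src in events:
        if sshban.update(src, now, seconds, hitcount):
            verdicts.append("DROP")
        else:
            sshban.set(src, now)
            verdicts.append("PASS")
    return verdicts


# Constructed sample traffic (not captured data): one source opens 25 SSH
# connections in 25 seconds, a second source opens one connection in between,
# then the first source retries 50 minutes later and again almost two hours
# after its burst.
SAMPLE_EVENTS = (
    [(t, "198.51.100.7") for t in range(0, 10)]
    + [(10, "203.0.113.5")]
    + [(t, "198.51.100.7") for t in range(10, 25)]
    + [(3000, "198.51.100.7"), (7000, "198.51.100.7")]
)


def summarize(events=SAMPLE_EVENTS):
    """Pair each sample connection with the verdict the rule pair gives it."""
    verdicts = run_ssh_rules(events)
    return [(t, src, v) for (t, src), v in zip(events, verdicts)]


if __name__ == "__main__":
    for t, src, verdict in summarize():
        print(f"t={t:>5}s  {src:<15} {verdict}")
```

Running it shows three things the rules alone do not make obvious: the first 20 connections from a source pass and the 21st within the window is dropped, the unrelated second source is never affected, and because dropped attempts are themselves recorded the source is still blocked at t=3000 s even though its burst ended 50 minutes earlier; only after a full 3600 s without enough recorded hits (t=7000 s here) does it pass again. Swapping the rule order, as the firewalld pair does with `--set` at priority 0 and `--update` at priority 1, makes the current packet count toward the hit total, so the rejection starts one connection earlier.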

List the existing iptables rules:

iptables -L -n --line-numbers
