The iptables recent module can be used to track seen IP addresses and match against them using some criteria.
This enables admins to identify and block brute force attacks. The following config will only allow 4 connections to port 22 within a 60 second time frame from a given IP address. Subsequent connections will be logged and dropped. The disadvantage of this approach is that iptables cannot distinguish between successful and unsuccessful connections. This means that you can potentially lock yourself out of your server! To help overcome this problem, a whitelist of admin IP addresses is added.
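One way to express the rate limit and whitelist described above, as an added example rather than the page's original config. The chain name `SSH_LIMIT`, the list name `ssh`, the log prefix and the whitelist addresses (documentation ranges) are assumptions; the script only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: prints (dry run) an iptables ruleset for the SSH rate limit
# described above. Chain name, list name, log prefix and the whitelist
# addresses (RFC 5737 documentation ranges) are constructed for illustration.

LIMIT=4        # new connections allowed per source address ...
WINDOW=60      # ... within this many seconds
PORT=22

# emit_rules ADDR...  -> writes one iptables command per line to stdout
emit_rules() {
    hit=$((LIMIT + 1))   # connection number LIMIT+1 is the first one dropped
    echo "iptables -N SSH_LIMIT"
    # Whitelisted admin addresses are accepted before any counting happens,
    # so an admin cannot be locked out by a burst of their own connections.
    for addr in "$@"; do
        case "$addr" in
            # IPv4 address or CIDR only; anything else is refused, not emitted.
            *[!0-9./]*|"") echo "skipping invalid address: $addr" >&2; continue ;;
        esac
        echo "iptables -A SSH_LIMIT -s $addr -j ACCEPT"
    done
    # Record the source address of every new connection in the 'ssh' list.
    echo "iptables -A SSH_LIMIT -m recent --name ssh --set"
    # Over the limit: log, then drop. --rcheck tests without touching the
    # list; --update tests and refreshes the entry, so a client that keeps
    # retrying stays blocked until it is quiet for WINDOW seconds.
    echo "iptables -A SSH_LIMIT -m recent --name ssh --rcheck --seconds $WINDOW --hitcount $hit -j LOG --log-prefix \"ssh-ratelimit: \""
    echo "iptables -A SSH_LIMIT -m recent --name ssh --update --seconds $WINDOW --hitcount $hit -j DROP"
    echo "iptables -A SSH_LIMIT -j ACCEPT"
    # Only new TCP connections to the SSH port enter the chain.
    echo "iptables -A INPUT -p tcp --dport $PORT -m conntrack --ctstate NEW -j SSH_LIMIT"
}

# Dry run: review the output, then pipe it to 'sh' as root to apply it.
emit_rules 192.0.2.10 198.51.100.0/24
```

Keep an existing SSH session open while applying the rules, and confirm from a second session that a whitelisted address still connects.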