ilri / rmg-ansible-public

Ansible playbooks for ILRI research-computing infrastructure
GNU General Public License v3.0

Add rate limiting to SSH rules in iptables / firewall? #12

Closed. alanorth closed this issue 7 years ago.

alanorth commented 9 years ago

We should rate limit SSH login attempts. This can be done in pure iptables and in tools like firewalld, which will be the norm in CentOS 7, Debian 8, and Ubuntu 15+.

This is much easier to manage than fail2ban or blacklists, as it needs no maintenance or extra packages which might differ between distros. Also, it's pure iptables so that's nice (at least, until we start using nftables).
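The pure-iptables approach described above, as an added example that is not part of the issue or of the rmg-ansible-public playbooks: it uses the `recent` match to count new TCP connections to the SSH port per source address and drop the excess. The port (22), the window (60 seconds), the threshold (4 new connections), the chain name `SSH_RATELIMIT` and the recent-list name `SSH` are all assumed defaults chosen for the example.

```shell
#!/bin/sh
# Added example (not from the repository): per-source rate limiting of
# new SSH connections with the iptables "recent" match.
#
# ssh_rate_limit_rules CMD [PORT] [SECONDS] [HITCOUNT]
#   CMD       "iptables" to apply, "echo iptables" to preview, "ip6tables" for v6
#   PORT      SSH port (assumed default 22)
#   SECONDS   sliding window length (assumed default 60)
#   HITCOUNT  new connections allowed per window, counting the current one;
#             with 4, the 4th new connection from one address in 60 s is dropped
ssh_rate_limit_rules() {
    ipt="${1:-iptables}"
    port="${2:-22}"
    seconds="${3:-60}"
    hitcount="${4:-4}"

    # Dedicated chain so the rules can be flushed/replaced independently.
    $ipt -N SSH_RATELIMIT

    # 1. Record (or refresh) the source address in the "SSH" recent list.
    $ipt -A SSH_RATELIMIT -m recent --set --name SSH --rsource

    # 2. If this source has now been seen HITCOUNT times within SECONDS, drop.
    #    --update also refreshes the timestamp, so an address that keeps
    #    retrying stays blocked until it is quiet for a full window;
    #    use --rcheck instead if you do not want the window extended.
    $ipt -A SSH_RATELIMIT -m recent --update --seconds "$seconds" \
        --hitcount "$hitcount" --name SSH --rsource -j DROP

    # 3. Otherwise accept the new connection.
    $ipt -A SSH_RATELIMIT -j ACCEPT

    # Only NEW connections (SYNs) enter the chain; established sessions
    # are unaffected by the limit.
    $ipt -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j SSH_RATELIMIT
}

# Show the kernel's view of the recent list (addresses and hit timestamps).
# The file exists only once the xt_recent module has created the list.
ssh_rate_limit_show() {
    list="${1:-SSH}"
    cat "/proc/net/xt_recent/$list" 2>/dev/null \
        || echo "recent list '$list' not present (module not loaded or not root)"
}

# Preview the rule set without touching the firewall:
#   ssh_rate_limit_rules "echo iptables"
# Apply as root:
#   ssh_rate_limit_rules iptables 22 60 4
```

Two caveats worth keeping in mind for a host that is managed with Ansible: the rules count TCP connection attempts, not failed logins, so a legitimate user (or an Ansible run without pipelining or `ControlPersist`) opening many short SSH sessions from one address can trip the limit just like a brute-forcer; and all clients behind one NAT address share a single counter. Insert an `ACCEPT` for trusted management addresses before the `SSH_RATELIMIT` jump if that is a concern, and run the same function with `ip6tables` for IPv6.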

alanorth commented 9 years ago

Ah, the limiting in FirewallD is for limiting the logging or auditing, not for limiting connection attempts! We might have to use fail2ban after all, as it works with iptables and firewalld: