Message ID | 1477569021-11087-1-git-send-email-fff@chrisi01.de |
---|---|
State | Accepted |
Commit | bee682345ad91e97b6724a92777898344a7a93fd |
diff --git a/src/packages/fff/fff-firewall/Makefile b/src/packages/fff/fff-firewall/Makefile
index 80d562f..5f6751c 100644
--- a/src/packages/fff/fff-firewall/Makefile
+++ b/src/packages/fff/fff-firewall/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=fff-firewall
-PKG_VERSION:=1
+PKG_VERSION:=2
 PKG_RELEASE:=1
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/fff-firewall
diff --git a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
index 7fd4e30..d5cc07a 100644
--- a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
+++ b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
@@ -2,6 +2,6 @@
 iptables -A INPUT -i $IF_WAN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 iptables -A INPUT -i $IF_WAN -j REJECT
 
-# Limit ssh to 3 new connections per 60 seconds
+# Limit ssh to 6 new connections per 60 seconds
 /usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name dropbear
-/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name dropbear -j DROP
+/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name dropbear -j DROP
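Review bot: The new comment in 20-filter-ssh promises 6 new connections per 60 seconds, but the `--set` rule records every NEW packet before the `--update --hitcount 6` rule runs, so the sixth new connection from a source inside the window is itself dropped and, as far as the visible rules show, only five are accepted. Either word the comment to match, e.g. `# Drop the 6th and any further new ssh connection from one source within 60 seconds`, or use `--hitcount 7` if six connections are really meant to pass. As a style point, both ip6tables rules use `-m state --state NEW` while the iptables rule at the top of the same hunk uses `-m conntrack --ctstate`; `-m conntrack --ctstate NEW` would keep the file consistent. The script starts before the hunk, so anything on its first line is not visible here.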
Reviewed-by: Jan Kraus <mayosemmel@gmail.com> Am Donnerstag, den 27.10.2016, 13:50 +0200 schrieb Christian Dresel: > Signed-off-by: Christian Dresel <fff@chrisi01.de> > --- > src/packages/fff/fff-firewall/Makefile | 2 +- > src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh | 4 ++-- > 2 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/src/packages/fff/fff-firewall/Makefile b/src/packages/fff/fff-firewall/Makefile > index 80d562f..5f6751c 100644 > --- a/src/packages/fff/fff-firewall/Makefile > +++ b/src/packages/fff/fff-firewall/Makefile > @@ -1,7 +1,7 @@ > include $(TOPDIR)/rules.mk > > PKG_NAME:=fff-firewall > -PKG_VERSION:=1 > +PKG_VERSION:=2 > PKG_RELEASE:=1 > > PKG_BUILD_DIR:=$(BUILD_DIR)/fff-firewall > diff --git a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh > index 7fd4e30..d5cc07a 100644 > --- a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh > +++ b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh > @@ -2,6 +2,6 @@ > iptables -A INPUT -i $IF_WAN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT > iptables -A INPUT -i $IF_WAN -j REJECT > > -# Limit ssh to 3 new connections per 60 seconds > +# Limit ssh to 6 new connections per 60 seconds > /usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name dropbear > -/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name dropbear -j DROP > +/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name dropbear -j DROP > -- > 2.1.4 >
Am Samstag, den 29.10.2016, 21:15 +0200 schrieb mayosemmel: > Reviewed-by: Jan Kraus <mayosemmel@gmail.com> Von mir auch. Und applied. Tim > > Am Donnerstag, den 27.10.2016, 13:50 +0200 schrieb Christian Dresel: > > Signed-off-by: Christian Dresel <fff@chrisi01.de> > > --- > > src/packages/fff/fff-firewall/Makefile | 2 +- > > src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh | 4 ++-- > > 2 files changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/src/packages/fff/fff-firewall/Makefile b/src/packages/fff/fff-firewall/Makefile > > index 80d562f..5f6751c 100644 > > --- a/src/packages/fff/fff-firewall/Makefile > > +++ b/src/packages/fff/fff-firewall/Makefile > > @@ -1,7 +1,7 @@ > > include $(TOPDIR)/rules.mk > > > > PKG_NAME:=fff-firewall > > -PKG_VERSION:=1 > > +PKG_VERSION:=2 > > PKG_RELEASE:=1 > > > > PKG_BUILD_DIR:=$(BUILD_DIR)/fff-firewall > > diff --git a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh > > index 7fd4e30..d5cc07a 100644 > > --- a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh > > +++ b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh 
> > @@ -2,6 +2,6 @@ > > iptables -A INPUT -i $IF_WAN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT > > iptables -A INPUT -i $IF_WAN -j REJECT > > > > -# Limit ssh to 3 new connections per 60 seconds > > +# Limit ssh to 6 new connections per 60 seconds > > /usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name dropbear > > -/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name dropbear -j DROP > > +/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name dropbear -j DROP > > -- > > 2.1.4 > > > > -- > franken-dev mailing list > franken-dev@freifunk.net > http://lists.freifunk.net/mailman/listinfo/franken-dev-freifunk.net
Signed-off-by: Christian Dresel <fff@chrisi01.de> --- src/packages/fff/fff-firewall/Makefile | 2 +- src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)