Tag Archives: iptables

Restoring IPtables when box reboots

Todays post is also going to be short.
I have a VPS server running and the other day they had to reboot my host because of maintenance. Things is I lost my running iptables when the box was rebooted. So how do we get this fixed? You can create a script and us update-rc.d and make it run on the default runlevel. However, we are going to do it different. We will use /etc/network/interfaces and iptables-restore.
Continue reading

Blocking SSH attacks with IPtables

If you have a website running you might get brute force attacks on the ssh port. Below is an excerpt from the logs in /var/log/auth.log

Jan 28 21:32:16 server sshd[10855]: Failed password for illegal user root from 213.191.74.219 port 51033 ssh2
Jan 28 21:32:16 server sshd[10857]: Illegal user root from 213.191.74.219
Jan 28 21:32:16 server sshd[10857]: Failed password for illegal user root from 213.191.74.219 port 53722 ssh2
Jan 28 21:32:16 server sshd[10859]: Illegal user root from 213.191.74.219
Jan 28 21:32:16 server sshd[10859]: Failed password for illegal user root from 213.191.74.219 port 54393 ssh2
Jan 28 21:32:16 server sshd[10861]: Illegal user root from 213.191.74.219
Jan 28 21:32:16 server sshd[10861]: Failed password for illegal user root from 213.191.74.219 port 55099 ssh2

Blocking this attacks is really easy with IPtables. Just type the following from the CLI.


sudo iptables -A INPUT -i eth0 -p tcp –dport 22 -m state –state NEW -m recent –set –name SSH
sudo iptables -A INPUT -i eth0 -p tcp –dport 22 -m state –state NEW -m recent –update –seconds 60 –hitcount 3 –rttl –name SSH -j DROP

The above command will block ssh attacks on the SSH port on your server. Enjoy.