December 22, 2020

I like to see some iptables rules that limit local brute-force attacks. The amount of requests and period of time should be changeable through the WebGUI.

With UFW I would generate the rules as follows:

    ufw limit ssh
    ufw limit http
    ufw limit https

Which would generate iptables rules similar to this:

    -A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
    -A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
    -A ufw-user-input -p tcp -m tcp --dport 22 -j ufw-user-limit-accept
    ...

By that a (local) bad client is not able to test passwords every millisecond or even faster. And yes, strong passwords are the most important part, I know.
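How the rule pair quoted above decides, replayed over constructed connection timestamps. This is an added example, not part of the original post or of UFW; the class and function names and the source address are made up for illustration, and it assumes the kernel keeps at least `hitcount` timestamps per source.

```python
from collections import defaultdict

ACCEPT, LIMIT = "ACCEPT", "LIMIT"


class RecentLimiter:
    """Model of the '-m recent --set' / '--update --seconds S --hitcount H' pair."""

    def __init__(self, seconds=30, hitcount=6):
        # The two values the post asks to make configurable.
        if seconds < 1 or hitcount < 1:
            raise ValueError("seconds and hitcount must be positive")
        self.seconds = seconds
        self.hitcount = hitcount
        self.stamps = defaultdict(list)  # source address -> connection times

    def new_connection(self, src, now):
        """Verdict for one NEW connection from src at time now (seconds)."""
        stamps = self.stamps[src]
        stamps.append(now)  # rule 1: --set records the source, no verdict yet
        cutoff = now - self.seconds
        hits = sum(1 for t in stamps if t >= cutoff)
        if hits >= self.hitcount:
            # rule 2: --update matched; a match also refreshes "last seen",
            # so a client that keeps hammering keeps its own window full.
            stamps.append(now)
            return LIMIT  # -j ufw-user-limit
        return ACCEPT  # rule 3: -j ufw-user-limit-accept


def replay(events, seconds=30, hitcount=6):
    """events: iterable of (time_in_seconds, source_address)."""
    limiter = RecentLimiter(seconds, hitcount)
    return [limiter.new_connection(src, t) for t, src in events]


# Constructed sample traffic (192.0.2.0/24 is a documentation range).
BURST = [(t, "192.0.2.10") for t in range(12)]               # one try per second
SLOW = [(t, "192.0.2.10") for t in range(0, 120, 10)]        # one try per 10 s
BURST_THEN_WAIT = [(t, "192.0.2.10") for t in (0, 1, 2, 3, 4, 5, 40)]

if __name__ == "__main__":
    for name, ev in (("burst", BURST), ("slow", SLOW), ("wait", BURST_THEN_WAIT)):
        print(name, replay(ev))
```

With the default 30 seconds and hit count 6, the sixth new connection inside the window is the first one diverted to the limit chain, and a client that pauses for longer than the window is accepted again.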