linux:netzwerk:firewall
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| linux:netzwerk:firewall [2023/04/20 15:34] – created ms | linux:netzwerk:firewall [2023/11/05 21:54] (current) – ms | ||
|---|---|---|---|
| Line 35: | Line 35: | ||
| } | } | ||
| </ | </ | ||
| + | < | ||
| + | nft list ruleset | ||
| + | nft flush ruleset | ||
| + | nft --check -f < | ||
| + | nft -f < | ||
| + | |||
| + | nft list rules | ||
| + | nft list tables | ||
| + | nft monitor [new | destroy] [tables | chains | sets | rules | elements] [xml | json] | ||
| + | |||
| + | systemctl status nftables.service | ||
| + | </ | ||
| + | |||
| + | Ruleset automatisch beim Booten starten | ||
| + | < | ||
| + | vi / | ||
| + | |||
| + | # | ||
| + | |||
| + | flush ruleset | ||
| + | |||
| + | table inet filter { | ||
| + | ... | ||
| + | </ | ||
| + | |||
| + | ===== Brute Force auf ssh erschweren ===== | ||
| + | |||
| + | < | ||
| + | add rule ip filter INPUT tcp dport 22 ct state new counter jump SSHBFORCE | ||
| + | |||
| + | add chain ip filter SSHBFORCE | ||
| + | |||
| + | add set ip filter denylist { type ipv4_addr; flags dynamic, timeout; timeout 5m } | ||
| + | add rule ip filter SSHBFORCE ip protocol tcp ct state new, untracked limit rate over 3/minute add @denylist { ip saddr } | ||
| + | add rule ip filter SSHBFORCE ip saddr @denylist drop | ||
| + | </ | ||
| + | |||
linux/netzwerk/firewall.1681997697.txt.gz · Last modified: 2023/04/20 15:34 by ms