linux:netzwerk:firewall
| linux:netzwerk:firewall [2023/04/20 15:43] – ms | linux:netzwerk:firewall [2023/11/05 21:54] (current) – ms | ||
|---|---|---|---|
| Line 43: | Line 43: | ||
| nft list rules | nft list rules | ||
| nft list tables | nft list tables | ||
| + | nft monitor [new | destroy] [tables | chains | sets | rules | elements] [xml | json] | ||
| systemctl status nftables.service | systemctl status nftables.service | ||
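Review bot: the added `nft monitor [new | destroy] [tables | chains | sets | rules | elements] [xml | json]` line records only the option syntax and not what the command is for, which is the piece a reader of this cheat-sheet needs to decide when to use it. Suggest a one-line description next to it, e.g. `# nft monitor: stream ruleset change events (new/destroyed tables, chains, sets, rules) as they happen; useful for spotting unexpected rule changes`. The `trace` keyword (packet tracing for rules with `meta nftrace set 1`) is also accepted by `nft monitor` and is worth listing for the same reason.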
| Line 57: | Line 58: | ||
| table inet filter { | table inet filter { | ||
| ... | ... | ||
| + | </ | ||
| + | |||
| + | ===== Brute Force auf ssh erschweren ===== | ||
| + | |||
| + | < | ||
| + | add rule ip filter INPUT tcp dport 22 ct state new counter jump SSHBFORCE | ||
| + | |||
| + | add chain ip filter SSHBFORCE | ||
| + | |||
| + | add set ip filter denylist { type ipv4_addr; flags dynamic, timeout; timeout 5m } | ||
| + | add rule ip filter SSHBFORCE ip protocol tcp ct state new, untracked limit rate over 3/minute add @denylist { ip saddr } | ||
| + | add rule ip filter SSHBFORCE ip saddr @denylist drop | ||
| </ | </ | ||
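Review bot: the `limit rate over 3/minute` in the second-to-last added line (`add rule ip filter SSHBFORCE ip protocol tcp ct state new, untracked limit rate over 3/minute add @denylist { ip saddr }`) is a single chain-wide limiter, not a per-source one: once more than three new SSH connections per minute arrive from any mix of clients, the source of every further new connection is added to @denylist, so one noisy host can get unrelated clients blocked for the 5-minute timeout. Suggest a per-source meter in a separate dynamic set and only feeding @denylist when that source's own rate is exceeded, e.g. `add set ip filter ssh_meter { type ipv4_addr; flags dynamic; timeout 1m; }` and `add rule ip filter SSHBFORCE tcp dport 22 ct state new update @ssh_meter { ip saddr limit rate over 3/minute } add @denylist { ip saddr }`, keeping the `ip saddr @denylist drop` rule after it as in the hunk. Two smaller points: the INPUT rule only jumps to SSHBFORCE for `ct state new`, so the `untracked` state in the SSHBFORCE rule never matches and can be removed; and a `drop` on the denylist alone is fine, but a `counter` on that rule (as the INPUT rule already has) makes it visible in `nft list ruleset` how often the denylist is actually hit.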
linux/netzwerk/firewall.1681998200.txt.gz · Last modified: 2023/04/20 15:43 by ms