This one is good!
But everyone can also look at the following, which I am trying out right now. Basically this lets the firewall block the attempts so the packets never even reach postfix. The example uses port 22, but you can change it to any port.
Original post: http://lists.centos.org/pipermail/centos/2008-January/051102.html
To deal with brute force attacks (not just on ssh) I spent some time tracking
down how others had dealt with the problem. I discovered thereby that one can
use the simple linux firewall iptables to restrict the number of connections
to a given port from a single source over a specified interval. I therefore
added these rules to my /etc/sysconfig/iptables file:
...
# This is usually present in all setups but, you never know....
# Established connections go right through.
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
...
# Block brute force attacks
# Drop repeated ssh connection attempts within 20 seconds interval
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state -m recent -i eth0 --dport 22 --state NEW -j DROP --rcheck --seconds 20 --name THROTTLE --rsource
# Accept ssh connection if not attempted within past 20 sec.
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state -m recent -i eth0 --dport 22 --state NEW -j ACCEPT --set --name THROTTLE --rsource
You can change the interval from 20 seconds to whatever you feel represents a
decent compromise between user satisfaction and security. Many authorities
considered a value between 3 and 6 seconds sufficient to render brute force
attacks impractical. These rules can be trivially modified to protect any
destination port (--dport 21 for ftp for instance) or protocol (-p udp).
I don't know firewalls well, so could someone who does please check this for me.
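To make the "change it to any port" step concrete (port 25 for postfix, as the reply above intends) and to show what the two `recent` rules actually do to a stream of connection attempts, here is an added example; it is not code from the CentOS list post or from the poster above. `throttle_rules` prints the two rules for a chosen port, interval, interface and protocol in the same `/etc/sysconfig/iptables` syntax as the quoted rules. `simulate_throttle` is an assumed helper that replays the `--rcheck`/`--set` logic over constructed `"<seconds> <source-ip>"` lines so you can see which attempts would be dropped; the timestamps and addresses it is fed are made up for illustration and nothing here touches a live firewall.

```bash
#!/bin/sh
# Emit the two-rule "recent" throttle from the quoted post for an arbitrary port.
#   usage: throttle_rules PORT [SECONDS] [IFACE] [PROTO] [LISTNAME]
# Output is in /etc/sysconfig/iptables syntax; prefix each line with
# "iptables" to apply it directly from the shell instead.
throttle_rules() {
  port=$1
  seconds=${2:-20}
  iface=${3:-eth0}
  proto=${4:-tcp}
  name=${5:-THROTTLE}
  # Rule 1: a source already in the list and seen within $seconds is dropped.
  # --rcheck only tests the list; it does NOT refresh the timestamp.
  printf '%s\n' "-A RH-Firewall-1-INPUT -p $proto -m $proto -m state -m recent -i $iface --dport $port --state NEW -j DROP --rcheck --seconds $seconds --name $name --rsource"
  # Rule 2: anything else is accepted and the source is (re)stamped in the list.
  printf '%s\n' "-A RH-Firewall-1-INPUT -p $proto -m $proto -m state -m recent -i $iface --dport $port --state NEW -j ACCEPT --set --name $name --rsource"
}

# Replay the rule pair over "<time-in-seconds> <source-ip>" lines on stdin and
# print "<time> <ip> ACCEPT|DROP". Assumed helper, constructed for this example:
# it models the recent list as "last accepted time per source", which is what
# --rcheck (no update) plus --set gives you.
simulate_throttle() {
  awk -v win="${1:-20}" '
    {
      t = $1; src = $2
      if ((src in last) && (t - last[src] <= win)) {
        # Rule 1 matched: inside the window, drop, timestamp unchanged.
        print t, src, "DROP"
      } else {
        # Rule 2: accept and stamp the source; the window starts now.
        last[src] = t
        print t, src, "ACCEPT"
      }
    }'
}

# Rules for postfix (SMTP on port 25) with the post's default 20 s window.
throttle_rules 25 20 eth0 tcp

# Constructed attempt log: one source hammering port 25, one normal client.
printf '%s\n' \
  "0 10.0.0.5" \
  "5 10.0.0.5" \
  "19 10.0.0.5" \
  "21 10.0.0.5" \
  "22 10.0.0.9" | simulate_throttle 20
```

The simulation makes two properties visible that the prose only hints at. First, because the DROP rule uses `--rcheck` rather than `--update`, a source that keeps retrying is not locked out indefinitely: its window is measured from the last accepted connection, so in the constructed log `10.0.0.5` is refused at 5 s and 19 s but admitted again at 21 s. Second, the list is keyed on source address (`--rsource`), so many users behind one NAT address share a single window; that is the "user satisfaction" side of the compromise the post mentions when choosing the interval.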