Avoid a frenzy of logging

This commit is contained in:
Bob Mottram 2014-02-23 20:20:14 +00:00
parent 4e66894c7b
commit 2758e5bc4e
1 changed files with 0 additions and 11 deletions


@ -495,43 +495,32 @@ iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# limit ssh logins to no more than 3 per min # limit ssh logins to no more than 3 per min
iptables -A INPUT -p tcp --dport 22 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT iptables -A INPUT -p tcp --dport 22 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m limit --limit 3/minute --limit-burst 1 -j LOG --log-prefix SSH-DROP
# Limit web connections to 20 per min # Limit web connections to 20 per min
iptables -A INPUT -p tcp --dport 80 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT iptables -A INPUT -p tcp --dport 80 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m limit --limit 10/minute --limit-burst 1 -j LOG --log-prefix HTTP-DROP
iptables -A INPUT -p tcp --dport 443 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -m limit --limit 10/minute --limit-burst 1 -j LOG --log-prefix HTTPS-DROP
# Limit number of XMPP connections # Limit number of XMPP connections
iptables -A INPUT -p tcp --match multiport --dports 5222:5223,5269,5280:5281 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT iptables -A INPUT -p tcp --match multiport --dports 5222:5223,5269,5280:5281 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
iptables -A INPUT -p tcp --match multiport --dports 5222:5223,5269,5280:5281 -m limit --limit 10/minute --limit-burst 1 -j LOG --log-prefix XMPP-DROP
# Limit IRC connections # Limit IRC connections
iptables -A INPUT -p tcp --dport 6666:6670 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT iptables -A INPUT -p tcp --dport 6666:6670 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 6666:6670 -m limit --limit 10/minute --limit-burst 1 -j LOG --log-prefix IRC-DROP
# Limit gopher connections # Limit gopher connections
iptables -A INPUT -p tcp --dport 70 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT iptables -A INPUT -p tcp --dport 70 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 70 -m limit --limit 10/minute --limit-burst 1 -j LOG --log-prefix GOPH-DROP
# Limit IMAP connections # Limit IMAP connections
iptables -A INPUT -p tcp --dport 143 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT iptables -A INPUT -p tcp --dport 143 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -m limit --limit 10/minute --limit-burst 1 -j LOG --log-prefix IMAP-DROP
# Limit SIP connections # Limit SIP connections
iptables -A INPUT -p tcp --dport 5060:5061 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT iptables -A INPUT -p tcp --dport 5060:5061 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 5060:5061 -m limit --limit 10/minute --limit-burst 1 -j LOG --log-prefix SIP-DROP
# Limit SMTP/SMTPS connections # Limit SMTP/SMTPS connections
iptables -A INPUT -p tcp --dport 25 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT iptables -A INPUT -p tcp --dport 25 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -m limit --limit 3/minute --limit-burst 1 -j LOG --log-prefix SMTP-DROP
iptables -A INPUT -p tcp --dport 465 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT iptables -A INPUT -p tcp --dport 465 -m limit --limit 3/minute --limit-burst 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 465 -m limit --limit 3/minute --limit-burst 1 -j LOG --log-prefix SMTPS-DROP
# Limit Bitmessage connections # Limit Bitmessage connections
iptables -A INPUT -p tcp --dport 8444 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT iptables -A INPUT -p tcp --dport 8444 -m limit --limit 10/minute --limit-burst 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 8444 -m limit --limit 10/minute --limit-burst 1 -j LOG --log-prefix BM-DROP
# Limit the number of incoming tcp connections # Limit the number of incoming tcp connections
# Interface 0 incoming syn-flood protection # Interface 0 incoming syn-flood protection