[PATCH] Increase SSH Connection Limit
Christian Dresel
fff at chrisi01.de
Do Okt 27 13:50:21 CEST 2016
Signed-off-by: Christian Dresel <fff at chrisi01.de>
---
src/packages/fff/fff-firewall/Makefile | 2 +-
src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/packages/fff/fff-firewall/Makefile b/src/packages/fff/fff-firewall/Makefile
index 80d562f..5f6751c 100644
--- a/src/packages/fff/fff-firewall/Makefile
+++ b/src/packages/fff/fff-firewall/Makefile
@@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-firewall
-PKG_VERSION:=1
+PKG_VERSION:=2
PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/fff-firewall
diff --git a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
index 7fd4e30..d5cc07a 100644
--- a/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
+++ b/src/packages/fff/fff-firewall/files/usr/lib/firewall.d/20-filter-ssh
@@ -2,6 +2,6 @@
iptables -A INPUT -i $IF_WAN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i $IF_WAN -j REJECT
-# Limit ssh to 3 new connections per 60 seconds
+# Limit ssh to 6 new connections per 60 seconds
/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name dropbear
-/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name dropbear -j DROP
+/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 --rttl --name dropbear -j DROP
--
2.1.4
Mehr Informationen über die Mailingliste franken-dev