Ninguém@lemmy.pt to

Debian operating system@lemmy.ml · 5 days ago

nftables - progressive rate limiting

3

11

nftables - progressive rate limiting

Ninguém@lemmy.pt to

Debian operating system@lemmy.ml · 5 days ago

3

I’d like to progressively rate limit ssh connections by 3 per minute, 12 an hour and 24 a day.

I have these rules that don’t seem to be working:

tcp dport 22 ct state new limit rate over 24/day drop comment "24+ a day"
tcp dport 22 ct state new limit rate over 12/hour drop comment "12+ an hour"
tcp dport 22 ct state new limit rate over 3/minute drop comment "3+ a minute"
tcp dport 22 ct state new limit rate 3/minute accept comment "Good SSH"

I’m still stuck in debian 10.13, stock kernel 4.19.316-1 (2024-06-25) and nftables v0.9.0 (Fearless Fosdick).

sets are not yet available, as far as I know.

Chat

swab148@lemm.ee
link
fedilink
English
arrow-up
3·
4 days ago
You could learn about how fail2ban works, and in the process decide if it’s the right implementation for your use case, or maybe get some ideas for your implementation from the research.

Debian operating system@lemmy.ml

debian@lemmy.ml

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !debian@lemmy.ml

Debian is a free operating system (OS) for your computer. An operating system is the set of basic programs and utilities that make your computer run. Debian provides more than a pure OS: it comes with over 59000 packages, precompiled software bundled up in a nice format for easy installation on your machine.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

4 users / day
36 users / week
84 users / month
319 users / 6 months
1 local subscriber
3.2K subscribers
132 Posts
375 Comments
Modlog

mods:
cydork@lemmy.ml