[Freedombox-discuss] Block brute force login attacks?

Petter Reinholdtsen pere at hungry.com
Tue Mar 18 21:17:29 UTC 2014

[Anders Jackson]
> This can be done directly by iptables, (but not yet with iptables6 for
> ip6tables ).
> So I would suggest using a firewall utility instead, like ufw or
> shorewall.

This sounds interesting.  How can iptables know that the login attempt
failed?  My idea is to block too many failed connections, not "too
many" connections, as a script with ssh-agent backing might well
connect many times in a short while if the task is right.

> Yes, I think that is a bit too aggressive to block for more than a
> couple of hours. Half an hour to a couple of hours after three failed
> accesses would be better, as you suggest. This can be set up in
> iptables. See ufw directive "limit".

Did not seem to care if the login failed or not, but I might have been
reading the wrong pages.

Happy hacking
Petter Reinholdtsen
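
An added example, not part of the original message: a sketch of the distinction discussed above, counting failed sshd logins per source address from the auth log rather than counting connections, so repeated successful key-based logins never trigger a ban. The three-failure threshold and half-hour ban come from the thread; the 10-minute window, the log lines, the `find_bans` name and the `year` parameter are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3                    # "three failed access" from the thread
BAN_TIME = timedelta(minutes=30)    # "half an hour" from the thread
WINDOW = timedelta(minutes=10)      # assumption: the thread names no window

# Matches sshd "Failed password for [invalid user] NAME from ADDR port N" lines.
FAILED = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed \S+ for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Mar 18 21:00:01 box sshd[100]: Accepted publickey for backup from 192.0.2.10 port 50001 ssh2
Mar 18 21:00:02 box sshd[101]: Accepted publickey for backup from 192.0.2.10 port 50002 ssh2
Mar 18 21:00:03 box sshd[102]: Accepted publickey for backup from 192.0.2.10 port 50003 ssh2
Mar 18 21:00:04 box sshd[103]: Accepted publickey for backup from 192.0.2.10 port 50004 ssh2
Mar 18 21:01:00 box sshd[110]: Failed password for root from 203.0.113.5 port 4001 ssh2
Mar 18 21:01:30 box sshd[111]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2
Mar 18 21:02:10 box sshd[112]: Failed password for root from 203.0.113.5 port 4003 ssh2
Mar 18 21:03:00 box sshd[120]: Failed password for pi from 198.51.100.7 port 5001 ssh2
Mar 18 21:08:00 box sshd[121]: Failed password for pi from 198.51.100.7 port 5002 ssh2
Mar 18 21:30:00 box sshd[122]: Failed password for pi from 198.51.100.7 port 5003 ssh2
"""

def find_bans(log_text, year=2014):
    """Return {address: ban_expiry} for sources with too many failed logins."""
    recent = defaultdict(deque)   # address -> timestamps of recent failures
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins never count toward a ban
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        addr = m.group(2)
        if addr in bans and when < bans[addr]:
            continue              # still banned, nothing new to decide
        failures = recent[addr]
        failures.append(when)
        while when - failures[0] > WINDOW:
            failures.popleft()    # forget failures older than the window
        if len(failures) >= MAX_FAILURES:
            bans[addr] = when + BAN_TIME
            failures.clear()
    return bans

if __name__ == "__main__":
    for addr, until in find_bans(SAMPLE_LOG).items():
        print(f"ban {addr} until {until}")
```

The returned addresses would then be handed to whatever firewall front end is in use; that step is left out here.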

