firewall: Add support for "recent" iptables module
To allow for rate limiting SSH attempts, for example:
/usr/sbin/iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
/usr/sbin/iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
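The following is an added example, not part of the ticket or the puppetlabs-firewall module: a small Python model of how the two rules above behave for one source address, following the xt_recent semantics (--set records a timestamp; --update --seconds --hitcount matches only when enough recent timestamps exist and refreshes the entry on a match). The source address and attempt timings are constructed, and it assumes the kernel default of 20 stored timestamps per address.

```python
from collections import deque

# Because both rules are inserted with "-I INPUT", the DROP rule (the second
# command) ends up *first* in the chain, so it is evaluated before "--set".
WINDOW_SECONDS = 60    # --seconds 60
HIT_COUNT = 4          # --hitcount 4
LIST_TOT = 20          # assumption: xt_recent default ip_pkt_list_tot (stamps kept per address)


class RecentTable:
    """Per-source timestamp list as kept by the xt_recent module."""

    def __init__(self):
        self.entries = {}   # source address -> deque of timestamps, newest last

    def set(self, src, now):
        """--set: add the address if missing and record this packet's timestamp."""
        stamps = self.entries.setdefault(src, deque(maxlen=LIST_TOT))
        stamps.append(now)

    def update(self, src, now, seconds, hitcount):
        """--update --seconds --hitcount: true when the address is listed and was
        seen at least `hitcount` times in the last `seconds`. On a match the entry
        is refreshed with this timestamp (what distinguishes --update from --rcheck)."""
        stamps = self.entries.get(src)
        if stamps is None:
            return False
        hits = sum(1 for t in stamps if now - t <= seconds)
        if hits >= hitcount:
            stamps.append(now)
            return True
        return False


def ssh_new_connection(table, src, now):
    """Walk the INPUT chain for one NEW TCP packet to port 22; return 'DROP' or 'ACCEPT'."""
    # Rule evaluated first: -m recent --update --seconds 60 --hitcount 4 -j DROP
    if table.update(src, now, WINDOW_SECONDS, HIT_COUNT):
        return "DROP"
    # Rule evaluated second: -m recent --set (no target, the packet continues down the chain)
    table.set(src, now)
    return "ACCEPT"   # assumes a later rule accepts the remaining SSH traffic


def simulate(attempt_times, src="198.51.100.7"):
    """Feed constructed connection timestamps (seconds) from one source; return the verdicts."""
    table = RecentTable()
    return [ssh_new_connection(table, src, t) for t in attempt_times]


if __name__ == "__main__":
    # Constructed sample: six attempts within ten seconds, then one after the window expires.
    times = [0, 2, 4, 6, 8, 10, 120]
    for t, verdict in zip(times, simulate(times)):
        print(f"t={t:>3}s  {verdict}")
```

The fifth attempt inside the window is the first one dropped, and each dropped attempt refreshes the entry, so a client that keeps retrying inside the window stays blocked until it backs off.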
#5 Updated by Jack Neely about 1 year ago
We require the recent module to rate limit by IP address connections to the SSH port. I’ve done some additional work that can be found here:
This is in production and appears to work with git head.
Also, the following helped a bunch to get all the bits in place.
#6 Updated by Ken Barber 10 months ago
- Status changed from Accepted to Closed
Hiya … I’ve fallen behind a bit on all this work; also, the bug tracker is moving to here: https://github.com/puppetlabs/puppet-firewall/issues I’ve managed to move what I still think is relevant and merge up items that are related. Consider this a slight declaration of ‘ticket debt’. If you think your issue isn’t represented in the new tracker, feel free to open a new one.
Apologies for any confusion :-).
#7 Updated by Ken Barber 10 months ago
Sorry – the new URL is actually: http://github.com/puppetlabs/puppetlabs-firewall/issues … thanks @Wolfspyre.