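# Add IPs connecting to WHITELIST_PORT to ipt_recent table WHITELIST.
# Connecting to WHITELIST_PORT +/-1 removes IP from WHITELIST.
# (WHITELIST_PORT should be set in shorewall/params)
#
# by Juergen Kreileder
# http://blog.blackdown.de/2005/02/18/mitigating-ssh-brute-force-attacks-with-ipt_recent/
#
# Shorewall action script: it is sourced by the Shorewall compiler, which is
# expected to supply CHAIN, LEVEL, LOG_LIMIT and TAG as well as the helpers
# run_iptables and log_rule_limit. It is not meant to run stand-alone.
#
# Behaviour: a TCP packet to WHITELIST_PORT records its source in the
# "recent" list WHITELIST and is then DROPped (the knock itself is never
# accepted); a TCP packet to WHITELIST_PORT-1 or WHITELIST_PORT+1 removes
# that source's own entry and is DROPped too. Only the sender's entry is
# touched, so one host cannot un-whitelist another. When LEVEL is set, both
# events are additionally logged through per-action chains.

# Abort with a clear message instead of generating "--dports -1,1".
: "${WHITELIST_PORT:?WHITELIST_PORT must be set (e.g. in shorewall/params)}"

# The two "forget me" ports. POSIX $(( )) replaces the deprecated, bash-only
# $[ ] arithmetic, which fails when the compiler runs under /bin/sh (dash).
wl_del_ports="$((WHITELIST_PORT - 1)),$((WHITELIST_PORT + 1))"

if [ -n "$LEVEL" ]; then
  # Logging requested: send hits through per-action chains that log and DROP.
  # TAG is quoted so log_rule_limit always receives it as a positional
  # argument, even when it is empty (NOTE(review): assumes log_rule_limit
  # reads it by position - confirm against the Shorewall version in use).
  run_iptables -N "${CHAIN}Add"
  log_rule_limit "$LEVEL" "${CHAIN}Add" WhitelistAdd DROP "$LOG_LIMIT" "$TAG"
  run_iptables -A "${CHAIN}Add" -j DROP

  run_iptables -N "${CHAIN}Del"
  log_rule_limit "$LEVEL" "${CHAIN}Del" WhitelistDel DROP "$LOG_LIMIT" "$TAG"
  run_iptables -A "${CHAIN}Del" -j DROP

  wl_add_target="${CHAIN}Add"
  wl_del_target="${CHAIN}Del"
else
  # No logging: hits are dropped directly.
  wl_add_target=DROP
  wl_del_target=DROP
fi

# Removal rule first, then the whitelisting rule, as in the original
# ordering; the jump target is the only thing that differs with LEVEL.
run_iptables -A "$CHAIN" -p tcp -m multiport --dports "$wl_del_ports" \
  -m recent --remove --name WHITELIST -j "$wl_del_target"
run_iptables -A "$CHAIN" -p tcp --dport "$WHITELIST_PORT" \
  -m recent --set --name WHITELIST -j "$wl_add_target"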