Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: How can I limit ssh connection attempts via UFW?

  1. #1
    Join Date
    Feb 2009
    Location
    Texas
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    How can I limit ssh connection attempts via UFW?

    I am trying to accomplish this but via UFW

    Code:
    sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
    sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
    Can I do the same with UFW rules? I am just trying to minimize or reduce brute force attacks. Right now I have two main rules using UFW: one allowing SSH and the other one allowing WWW (port 80). I would like to keep those but limit the number of ssh connections per minute, as with the above-mentioned iptables rules...

    Thanks in advance,

  2. #2
    Join Date
    Dec 2006
    Location
    Chicago
    Beans
    3,839

    Re: How can I limit ssh connection attempts via UFW?

    Code:
    sudo ufw limit ssh/tcp
    From:
    Code:
    man ufw
    ufw supports connection rate limiting, which is useful for protecting
    against brute-force login attacks. ufw will deny connections if an IP
    address has attempted to initiate 6 or more connections in the last 30
    seconds. See http://www.debian-administration.org/articles/187 for
    details.

  3. #3
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: How can I limit ssh connection attempts via UFW?

    Or you can add those (iptables) rules in the ufw config files

    /etc/ufw/before.rules
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  4. #4
    Join Date
    Feb 2009
    Location
    Texas
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: How can I limit ssh connection attempts via UFW?

    cdenley / bodhi

    Thanks for reply, couple of questions ...

    1. What's the purpose of "limit" when using UFW?
    2. How can I add UFW tables, via "iptable" command?

    This is what I was trying to do and for some reason is not working.

    Code:
    sudo ufw allow ssh
    sudo ufw allow www
    sudo ufw default deny
    
    sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
    sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP
    The UFW lines work, but when I try to edit the iptables so I can restrict the number of ssh login attempts to 3/min, it does nothing. I want to block all traffic but ssh and www but at the same time restrict the login attempts, 'cause I receive brute force attacks almost every day. Yes, I am using denyhosts; no, I won't and I can not change port 22.

    I want to limit the login attempts via iptables but combining that with UFW rules.

  5. #5
    Join Date
    Dec 2006
    Location
    Chicago
    Beans
    3,839

    Re: How can I limit ssh connection attempts via UFW?

    1.
    Code:
    sudo ufw limit ssh/tcp
    The above command effectively does the same thing as
    Code:
    sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
    sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 --rttl --name SSH -j DROP
    2.
    If you append rules after UFW already created iptables rules, then your rules will only be checked if a UFW chain hasn't already accepted the packet. If you want to add the rules using the "iptables" command, use insert (-I) instead of append (-A).

    If you want to configure UFW to add those custom iptables rules, add this to /etc/ufw/before.rules before "COMMIT":
    Code:
    -A ufw-before-input -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
    -A ufw-before-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP

  6. #6
    Join Date
    Feb 2009
    Location
    Texas
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: How can I limit ssh connection attempts via UFW?

    Quote Originally Posted by cdenley View Post
    1.
    Code:
    sudo ufw limit ssh/tcp
    Thanks for reply

    But, where do you specify the max attempts, like 3 per min, etc... and the timeframe, 60 secs in this case?

  7. #7
    Join Date
    Dec 2006
    Location
    Chicago
    Beans
    3,839

    Re: How can I limit ssh connection attempts via UFW?

    Quote Originally Posted by jocampo View Post
    But, where do you specify the max attempts, like 3 per min, etc... and the timeframe, 60secs on this case
    It does not appear that you can with the ufw command. It only filters after "6 or more connections in the last 30 seconds".
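    Taking #5 and #7 together: `ufw limit` is fixed at 6 hits per 30 seconds, and a different threshold means writing the two `recent` rules into /etc/ufw/before.rules ahead of COMMIT. The script below is an added example, not code from this thread or from ufw; it assumes a stock-layout before.rules (a `*filter` table closed by `COMMIT`), takes the window and hit count as parameters, and works on a copy so the result can be inspected before the real file is touched.

```shell
#!/bin/sh
# Added example: splice the two "recent" rate-limit rules into a ufw
# before.rules file with a configurable window (seconds) and hit count.
# Assumes the stock Ubuntu layout: a *filter table ending at the first COMMIT.

# Constructed stand-in for /etc/ufw/before.rules (not the real file).
sample_before_rules() {
    cat <<'EOF'
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# patch_before_rules FILE SECONDS HITCOUNT -> patched contents on stdout.
# The rules land just before the first COMMIT, so they stay inside *filter
# where ufw-before-input is defined; that chain runs before ufw-user-input
# (the chain holding "ufw allow ssh"), which is why the DROP wins over the
# allow.  A file that already carries an SSH recent rule passes through as-is.
patch_before_rules() {
    infile="$1"; secs="$2"; hits="$3"
    if grep -q -- '--name SSH' "$infile"; then
        cat "$infile"
        return 0
    fi
    awk -v secs="$secs" -v hits="$hits" '
        !done && $0 == "COMMIT" {
            print "-A ufw-before-input -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH"
            print "-A ufw-before-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds " secs " --hitcount " hits " --rttl --name SSH -j DROP"
            done = 1
        }
        { print }
    ' "$infile"
}

# Dry run against the constructed file: 3 new connections per 60 seconds.
tmp=$(mktemp)
sample_before_rules > "$tmp"
patch_before_rules "$tmp" 60 3
rm -f "$tmp"
```

Once the output looks right, the same function can be pointed at a copy of the real file and the result reviewed and reloaded with `ufw reload`.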

  8. #8
    Join Date
    Feb 2009
    Location
    Texas
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: How can I limit ssh connection attempts via UFW?

    Quote Originally Posted by cdenley View Post
    It does not appear that you can with the ufw command. It only filters after "6 or more connections in the last 30 seconds".
    Got it, so ... in order to accomplish my goal, should I?

    Code:
    sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
    sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
    and then ...

    Code:
    sudo ufw default deny

  9. #9
    Join Date
    Dec 2006
    Location
    Chicago
    Beans
    3,839

    Re: How can I limit ssh connection attempts via UFW?

    No, that will still append your rules after UFW's chains. You want to insert your rules before the UFW chains.
    Code:
    sudo iptables -I INPUT 1 -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
    sudo iptables -I INPUT 2 -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP

  10. #10
    Join Date
    Feb 2009
    Location
    Texas
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: How can I limit ssh connection attempts via UFW?

    Ok

    Let me try ... I understand UFW a bit but the way IPTABLES work, CHAINS, rules inside chains and precedence, etc, is kind of confusing....

    Thanks a lot for your help so far
