Using iptables with ipt_recent to limit request flooding

2025-01-14 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

iptables can use ipt_recent to limit request flooding (a source that accesses the server more than 240 times in 1 minute is logged and dropped).

1. iptables must support the ipt_recent module

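2. Raise the ip_list_tot and ip_pkt_list_tot limits. ip_list_tot is the number of source addresses a list can hold; ip_pkt_list_tot is the number of packets remembered per address and must be at least as large as the --hitcount used below (240), so its default of 20 is too small.

    # Make the parameter writable, then raise the number of tracked addresses
    chmod 600 /sys/module/ipt_recent/parameters/ip_list_tot
    echo 10240 > /sys/module/ipt_recent/parameters/ip_list_tot
    # Make the parameter writable, then raise the packets remembered per address
    chmod 600 /sys/module/ipt_recent/parameters/ip_pkt_list_tot
    echo 500 > /sys/module/ipt_recent/parameters/ip_pkt_list_tot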

3. Set up syslog logging for iptables

    # Edit /etc/syslog.conf and add the following line
    kern.=debug /var/log/firewall/http_access.log

    # Create the log directory
    mkdir /var/log/firewall/

    # Restart the syslog service
    /etc/init.d/syslog restart

4. Create the iptables rules

    # Record each new connection to port 80 in the httpuser list
    iptables -I INPUT -p tcp --dport 80 -d 192.168.160.44 \
        -m state --state NEW -m recent --name httpuser --set

    # Log sources that exceed the limit.
    # --log-level debug matches the kern.=debug selector from step 3;
    # level 5 (notice) would not be written to http_access.log.
    iptables -A INPUT -m recent --update --name httpuser --seconds 60 \
        --hitcount 240 -j LOG --log-level debug --log-prefix 'HTTP attack:'

    # Drop sources that exceed the limit
    iptables -A INPUT -m recent --update --name httpuser --seconds 60 \
        --hitcount 240 -j DROP

    # Note: the httpuser records can be viewed in /proc/net/ipt_recent/httpuser
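To see which sources the LOG rule from step 4 has flagged, the log file from step 3 can be summarised per source address. This is an added example, not part of the original article; the function names and the sample log lines are constructed, and the lines assume the traditional syslog timestamp and the kernel's usual SRC= field.

```shell
#!/bin/sh
# Added example: count 'HTTP attack:' LOG entries per source address and
# show when each source was first and last logged.

# Constructed sample lines in the format the LOG target writes via syslog.
sample_log() {
    cat <<'EOF'
Jan 14 10:00:01 fw kernel: HTTP attack:IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.160.44 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=80 SYN
Jan 14 10:00:01 fw kernel: HTTP attack:IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.160.44 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=80 SYN
Jan 14 10:00:02 fw kernel: HTTP attack:IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.160.44 LEN=60 TTL=49 PROTO=TCP SPT=51877 DPT=80 SYN
Jan 14 10:00:03 fw kernel: eth0: link up
Jan 14 10:00:05 fw kernel: HTTP attack:IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.160.44 LEN=60 TTL=52 PROTO=TCP SPT=40114 DPT=80 SYN
EOF
}

# Usage: summarize_http_attacks [logfile...]   (reads stdin if no file given)
# Output: "<count> <source> first=... last=...", busiest source first.
summarize_http_attacks() {
    awk '
    /HTTP attack:/ {
        src = ""
        # Find the SRC= field; its position varies with the interface fields.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) { src = substr($i, 5); break }
        if (src == "") next              # skip malformed lines
        ts = $1 " " $2 " " $3            # syslog timestamp: month day time
        count[src]++
        if (!(src in first)) first[src] = ts
        last[src] = ts
    }
    END {
        for (s in count)
            printf "%d %s first=\"%s\" last=\"%s\"\n", count[s], s, first[s], last[s]
    }' "$@" | sort -rn
}

# Demonstration on the constructed sample; on a real system run:
#   summarize_http_attacks /var/log/firewall/http_access.log
sample_log | summarize_http_attacks
```

The counts are logged packets rather than connections, because the LOG rule in step 4 has no protocol, port or state match and therefore fires on every packet from a source that is over the limit.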
