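# SSH brute-force detection and REJECT
#
# Per-source rate limit on new SSH connections, built on the `recent` match:
#   1. Every NEW TCP connection to port 22 is recorded in the "SSH" list
#      (keyed by source address) and handed to the SSH_Brute_Force chain.
#   2. A source with fewer than 3 recorded hits in the last 90 seconds
#      RETURNs to INPUT and is processed by whatever rules follow.
#   3. Any other source is rejected with ICMP port-unreachable.
#
# Things to check before relying on it:
#   - The hit for the current packet is recorded (--set) before the check,
#     so the third new connection inside 90 s is the first one rejected.
#     Rejected attempts are recorded too, so a source that keeps retrying
#     stays blocked until it backs off.
#   - RETURN does not accept anything: a later INPUT rule (or the policy)
#     must still allow port 22. The hook is appended with -A, so an earlier
#     INPUT rule that already accepts this traffic means the limiter never
#     runs; verify the order with `iptables -S INPUT`.
#   - These rules cover IPv4 only; sshd reachable over IPv6 needs the same
#     rules loaded through ip6tables.
#   - The limit is per source address. It slows a single noisy host but not
#     guessing spread across many addresses, and legitimate automation that
#     opens several sessions quickly (scp loops, config management) can trip
#     it. Treat it as noise reduction alongside key-based authentication.
#   - Not idempotent: running it twice fails on -N and duplicates the INPUT
#     rule. Load it from a ruleset that starts from a flushed state.
#   - `-m state --state NEW` is the legacy spelling; newer iptables releases
#     document `-m conntrack --ctstate NEW` for the same match.

# Dedicated chain that holds the allow-or-reject decision.
iptables -N SSH_Brute_Force

# Record the source of each new SSH connection, then evaluate it.
iptables -A INPUT -p tcp -m tcp --dport 22 -m state \
  --state NEW -m recent --set --name SSH --rsource -j SSH_Brute_Force

# Under the threshold (NOT 3 or more hits within 90 s): back to INPUT.
iptables -A SSH_Brute_Force -m recent ! --rcheck --seconds 90 \
  --hitcount 3 --name SSH --rsource -j RETURN

# Over the threshold: refuse the connection attempt.
iptables -A SSH_Brute_Force -p tcp -j REJECT \
  --reject-with icmp-port-unreachable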