Welcome to the Linux Foundation Forum!

Re:Share some iptables configuration options

Posts: 1
in Linux Security

Not sure if i am allowed to post here, but

I am looking for an IPtables config that will try to stop brute force imap logins.

is there a way i can put a time limit on the amount of attempts that an ip has to log into IMAP port and block the address if its exceeded?

Many thanks in advance.

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Comments

  • Posts: 2,177
    This is my old firewall script with the comments included, this simple one worked pretty well.

    Since then I have made a much more complicated and modular one, I will share that when it is complete.
    1. #!/bin/bash
    2. ########################################################
    3. # START THE FIREWALL SCRIPT                            #
    4. ########################################################
    5.  
    6.  
    7. # Flush the current rules
    8. iptables -F
    9.  
    10. # Block all forwarding
    11. iptables -A FORWARD -s 0/0 -j DROP
    12.  
    13. # Allow all input into loopback
    14. iptables -A INPUT -i lo -j ACCEPT
    15.  
    16. # Allow 4 pings per minute to block ping DOS attacks
    17. iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 4/m -j ACCEPT
    18.  
    19. # Allow all echo replies including destination unreachable and time exceeded
    20. iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
    21. iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
    22. iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
    23.  
    24. # Block all other icmp traffic
    25. iptables -A INPUT -p icmp -j DROP
    26.  
    27. # Allow all response traffic
    28. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    29.  
    30. # block all other incoming traffic
    31. iptables -A INPUT -j DROP
    32.  
    33. # Display confirmation message
    34. RED=$'\e[31;01m'
    35. NORMAL=$'\e[0m'
    36. echo "${RED}Firewall Started.....${NORMAL}"
  • Posts: 2,177
    That is a nice addition, that can be usful to work with the invalid attempt option in sshd to prevent breakins.
  • Posts: 2,177
    I am not fully versed in the communication methods and ports used for IMAP communication, but if you can pin down the basic packet structure of IMAP logins then you can develop n iptable rule to accomplish your task.
  • Posts: 1
    I think the best way to prevent brute force attack's to your logins on any service is not in the firewall, try using pam modules, for ssh try pam-abl (http://tech.tolero.org/blog/en/linux/ssh-password-brute-force-protection).
  • Posts: 2,177
    Tha pam option is definitely a good recommendation, in general I prefer to avoid pam because of the frequency in which vulnerabilities are discovered.
  • Posts: 25
    I don't know now that you'd like firewall setings for servers or desktops but I think that for desktops it's enough this simple rules:
    1. iptables -F
    2.  
    3. # Security policy
    4.  
    5. iptables -P INPUT DROP
    6. iptables -P FORWARD DROP
    7. iptables -P OUTPUT DROP
    8.  
    9. # Accept loopback
    10.  
    11. iptables -A INPUT -i lo -j ACCEPT
    12. iptables -A FORWARD -o lo -j ACCEPT
    13.  
    14. # Incoming and forward rules
    15.  
    16. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    17. iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    18.  
    19. # Outgoing rules
    20.  
    21. iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    If someone want, can also log traffics and attacks attempt :)
  • Posts: 2,177
    Thank you for the script roobal, your submission is simple and clean which makes it perfect for new users.

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Quick Links

Categories

Upcoming Training