
Re: Share some iptables configuration options

Not sure if I am allowed to post here, but

I am looking for an iptables config that will try to stop brute-force IMAP logins.

Is there a way I can put a time limit on the number of attempts that an IP has to log into the IMAP port and block the address if it's exceeded?

Many thanks in advance.

Comments

  • mfillpot Posts: 2,180
    This is my old firewall script with the comments included, this simple one worked pretty well.

    Since then I have made a much more complicated and modular one, I will share that when it is complete.
    #!/bin/bash
    ########################################################
    # START THE FIREWALL SCRIPT                            #
    ########################################################
    
    
    # Flush the current rules
    iptables -F
    
    # Block all forwarding
    iptables -A FORWARD -s 0/0 -j DROP
    
    # Allow all input into loopback
    iptables -A INPUT -i lo -j ACCEPT
    
    # Allow 4 pings per minute to block ping DOS attacks
    iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 4/m -j ACCEPT
    
    # Allow all echo replies including destination unreachable and time exceeded
    iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
    iptables -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
    iptables -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
    
    # Block all other icmp traffic
    iptables -A INPUT -p icmp -j DROP
    
    # Allow all response traffic
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    
    # block all other incoming traffic
    iptables -A INPUT -j DROP
    
    # Display confirmation message
    RED=$'\e[31;01m'
    NORMAL=$'\e[0m'
    echo "${RED}Firewall Started.....${NORMAL}"
    
  • LegacyUser Posts: 0
    # Limit new connections via SSH to 1 in 30 seconds, which prevents brute-force password attacks
    iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 30 --name SSHT --rsource -j DROP
    iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSHT --rsource -j ACCEPT
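    The same "recent" match can answer the original question directly: count new connections per source address to the IMAP ports inside a time window and drop the source once it reaches a threshold. The script below is an added example, not code posted in this thread; it extends the SSH pattern above to ports 143 (IMAP) and 993 (IMAPS) with `--hitcount`. The 60-second window, the threshold of 5, the list names `IMAP_<port>` and the `IMAP-BRUTE:` log prefix are assumed values.

```shell
#!/bin/sh
# Added example (not from the thread): per-source rate limiting of new IMAP
# connections with the iptables "recent" match. The 60-second window, the
# 5-hit threshold and the list names are assumed values.

# Print the iptables commands for one port.
# Arguments: port, window in seconds, hit count at which the source is blocked.
imap_bruteforce_rules() {
    port="$1"; window="$2"; hits="$3"; name="IMAP_$1"
    # Record every new connection attempt from the source address in the list "$name".
    printf 'iptables -A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -m recent --set --name %s --rsource\n' \
        "$port" "$name"
    # When the source has reached the threshold inside the window, log it
    # (rate limited, so a flood of attempts cannot fill the log) ...
    printf 'iptables -A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -m recent --rcheck --seconds %s --hitcount %s --name %s --rsource -m limit --limit 1/min -j LOG --log-prefix "IMAP-BRUTE: "\n' \
        "$port" "$window" "$hits" "$name"
    # ... and drop it. --update refreshes the timestamp, so the block lasts as
    # long as the source keeps retrying, plus one more window after its last try.
    printf 'iptables -A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -m recent --update --seconds %s --hitcount %s --name %s --rsource -j DROP\n' \
        "$port" "$window" "$hits" "$name"
    # Sources below the threshold get through.
    printf 'iptables -A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$port"
}

# Emit the full rule set for both IMAP ports (4 rules per port).
all_imap_rules() {
    for port in 143 993; do
        imap_bruteforce_rules "$port" 60 5
    done
}

# Dry run by default: print the rules. With --apply, feed them to sh (needs root).
if [ "${1:-}" = "--apply" ]; then
    all_imap_rules | sh
else
    all_imap_rules
fi
```

    With these values the fifth new connection from one address within 60 seconds is logged and dropped, and the address stays blocked until it has been quiet for 60 seconds. The rules have to sit before any catch-all `DROP` and after the usual `ESTABLISHED,RELATED` accept. `--hitcount` cannot exceed the `xt_recent` module's per-address packet limit (`ip_pkt_list_tot`, default 20), and a legitimate client that was caught can be removed by hand by writing its address with a leading minus into `/proc/net/xt_recent/IMAP_143` (for example `echo -192.0.2.10 > /proc/net/xt_recent/IMAP_143`, address made up for illustration).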
  • mfillpot Posts: 2,180
    That is a nice addition; it can be useful to work with the invalid-attempt option in sshd to prevent break-ins.
  • mfillpot Posts: 2,180
    I am not fully versed in the communication methods and ports used for IMAP communication, but if you can pin down the basic packet structure of IMAP logins then you can develop an iptables rule to accomplish your task.
  • I think the best way to prevent brute-force attacks on your logins on any service is not in the firewall; try using PAM modules. For ssh, try pam-abl (http://tech.tolero.org/blog/en/linux/ssh-password-brute-force-protection).
  • mfillpot Posts: 2,180
    The PAM option is definitely a good recommendation; in general I prefer to avoid PAM because of the frequency with which vulnerabilities are discovered.
  • roobal Posts: 25
    I don't know whether you'd like firewall settings for servers or desktops, but I think that for desktops these simple rules are enough:
    iptables -F
    
    # Security policy
    
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT DROP
    
    # Accept loopback
    
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A FORWARD -o lo -j ACCEPT
    
    # Incoming and forward rules
    
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    
    # Outgoing rules
    
    iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    

    If someone wants, they can also log traffic and attack attempts :)
  • mfillpot Posts: 2,180
    Thank you for the script roobal, your submission is simple and clean which makes it perfect for new users.