"Fossies" - the Fresh Open Source Software Archive

Member "aif-2.1.1/etc/arno-iptables-firewall/plugins/ssh-brute-force-protection.conf" (16 Sep 2020, 1548 Bytes) of package /linux/privat/aif-2.1.1.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Generic config files source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "ssh-brute-force-protection.conf": 2.0.3_vs_2.1.0.

    1 # ------------------------------------------------------------------------------
    2 #    -= Arno's Iptables Firewall(AIF) - SSH Brute Force Protection plugin =-
    3 # ------------------------------------------------------------------------------
    4 
    5 # To actually enable this plugin make ENABLED=1:
    6 # ------------------------------------------------------------------------------
    7 ENABLED=0
    8 
    9 # Specify here the port(s) you want the SSH checks to apply to. Note that this
   10 # plugin does NOT open the ports for you, this must be done in the main script
   11 # with eg. OPEN_TCP!
   12 # ------------------------------------------------------------------------------
   13 SSH_BFP_PORTS="22"
   14 
   15 # Specify here the hosts you want to allow to bypass the SSH protection checks
   16 # ------------------------------------------------------------------------------
   17 SSH_BFP_TRUSTED_HOSTS=""
   18 
   19 # 1st set of maximum allowed connection attempts
   20 # (default: 4 connections/60 seconds)
   21 # ------------------------------------------------------------------------------
   22 SSH_BFP_MAX_RATE1="4"
   23 SSH_BFP_MAX_TIME1="60"
   24 
   25 # 2nd set of maximum allowed connection attempts
   26 # (default: 10 connections/1800 seconds)
   27 # ------------------------------------------------------------------------------
   28 SSH_BFP_MAX_RATE2="10"
   29 SSH_BFP_MAX_TIME2="1800"
   30 
   31 # (EXPERT SETTING!) If ip6tables '-m recent' IPv6 support is not available:
   32 # Disable (0) if the kernel module xt_recent is not available, only IPv4 will be used.
   33 # ------------------------------------------------------------------------------
   34 SSH_BFP_IPV6_ENABLE=1
   35