#!/bin/bash

# SSH erlauben - aber vor bruteforce schützen
iptables -N SSH-BruteForce
iptables -N SSH-Whitelist

iptables -A SSH-BruteForce -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh
iptables -A SSH-BruteForce -p tcp --dport 22 -m state --state NEW -j SSH-Whitelist

iptables -A SSH-BruteForce -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 600 --hitcount 4 --rttl --name ssh -j DROP

iptables -I INPUT -j SSH-BruteForce

#whitelist
iptables -A SSH-Whitelist -s 10.42.0.12 -m recent --remove --name ssh -j ACCEPT


exit 0