I have a problem securing an SSH connection. I don't want to put a static IP in the SSH service, but I want to secure it from dictionary attacks. I think that the following iptables rules can work well in the box, but I don't know what the equivalent in MK is:
iptables -N SSH_CHECK
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
iptables -A SSH_CHECK -m recent --set --name SSH
iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
If I understood you correctly, then this cannot be achieved in any "sane" configuration.
Instead I can point you to several other solutions:
trusted address list - you create an address list of trusted addresses, and connect from these IP addresses only (limiting only the external interface)
you block everything, but to connect to your router you create a tunnel to your router and then log in to the router through the tunnel, which is allowed; every OS supports at least a PPTP tunnel
you use port knocking - you send packets to a sequence of ports and that gets your IP address into an address list that is allowed to connect to the router remotely.
Not entirely sure if I understood the original post correctly, but this should be possible by using the connection-limiting parameters of the firewall to allow only 4 TCP connections to port 22 every 60 seconds?!
I don't want to limit to a list of trusted IPs (janisk); I want to limit the access in a minute from the same IP. Add this IP to an address list and if it accesses 3 times in a minute, drop.
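The RouterOS counterpart of the iptables "recent" rules from the first post, as an added example that is not from any poster in this thread: each new TCP connection to port 22 moves the source through staged address lists, and the fourth within a minute lands it on a blacklist that the drop rule matches. The list names and the 10-minute blacklist timeout are assumed values; the rules must sit above any general accept rule for port 22.

```routeros
# Added example (not from the thread): RouterOS equivalent of the
# iptables "recent" hitcount rule. List names and the 10m blacklist
# timeout are assumed values; place these above any generic accept
# for port 22 in the input chain.
/ip firewall filter
# 1. Drop every connection from a source already on the blacklist.
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist \
    action=drop comment="drop SSH brute forcers"
# 2. Stage rules, highest stage first, so one new connection advances a
#    source by exactly one stage. Stage entries expire after 1m, which is
#    the 60-second window of the iptables rule. Note: this counts new
#    TCP connections, not failed logins, so an admin who opens four
#    sessions within a minute is blacklisted too.
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage3 action=add-src-to-address-list \
    address-list=ssh_blacklist address-list-timeout=10m \
    comment="4th new SSH connection within a minute: blacklist"
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage2 action=add-src-to-address-list \
    address-list=ssh_stage3 address-list-timeout=1m
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_stage1 action=add-src-to-address-list \
    address-list=ssh_stage2 address-list-timeout=1m
add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m
# 3. Sources that have not exhausted the stages reach the SSH service.
add chain=input protocol=tcp dst-port=22 action=accept comment="allow SSH"
```

Because add-src-to-address-list is a non-terminating action, the fourth connection itself still completes and the drop starts from the fifth, one attempt more lenient than the iptables hitcount 4 rule; `/ip firewall address-list print` shows which sources are currently staged or blacklisted.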