Page 1 of 1

how to limit ssh and telnet connection

Posted: Wed Nov 22, 2017 8:57 pm
by network99
I am in need of the Rule :

My users do not have connect to servers via telnet and ssh more than 5 connections in 1 minute !

that's mean :

192.168.88.2 ssh--> 53.75.51.x = allow
192.168.88.2 ssh--> 43.25.12.x = allow
192.168.88.2 ssh--> 38.12.88.x = allow
192.168.88.2 ssh--> 13.35.21.x = allow
192.168.88.2 ssh--> 73.15.11.x = allow
192.168.88.2 ssh--> 54.33.30.x = Deny !
192.168.88.2 ssh--> 44.23.10.x = Deny !
.
.
.

only 5 connections in 60 Second !

Re: how to limit ssh and telnet connection

Posted: Fri Nov 24, 2017 4:59 pm
by network99
help me

Re: how to limit ssh and telnet connection

Posted: Fri Nov 24, 2017 7:51 pm
by AlainCasault
help me
I'm afraid your need is unclear.


Sent from Tapatalk

Re: how to limit ssh and telnet connection

Posted: Fri Nov 24, 2017 9:15 pm
by stoser
I think that you want to limit the amount of new SSL OR Telnet connections to a maximum of 5 new sessions every 60 seconds. Is this what you are asking?

Re: how to limit ssh and telnet connection

Posted: Fri Nov 24, 2017 11:23 pm
by cdiedrich
/ip firewall filter
add action=accept chain=forward connection-state=new dst-port=22,23 limit=5/1m,5:packet protocol=tcp src-address=192.168.88.2
-Chris

Re: how to limit ssh and telnet connection

Posted: Tue Nov 28, 2017 7:43 pm
by network99
stoser wrote:
I think that you want to limit the amount of new SSL OR Telnet connections to a maximum of 5 new sessions every 60 seconds. Is this what you are asking?


Well done :)

thats right !

Re: how to limit ssh and telnet connection

Posted: Tue Nov 28, 2017 7:46 pm
by network99
stoser wrote:
I think that you want to limit the amount of new SSL OR Telnet connections to a maximum of 5 new sessions every 60 seconds. Is this what you are asking?


Well done :)
that's right


cdiedrich wrote:
/ip firewall filter
add action=accept chain=forward connection-state=new dst-port=22,23 limit=5/1m,5:packet protocol=tcp src-address=192.168.88.2

-Chris


i try it
thanks and best regards