summaryrefslogtreecommitdiff
path: root/smoketest/configs/dialup-router-complex
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-03-06 09:58:22 +0100
committerChristian Poessinger <christian@poessinger.com>2022-03-06 09:58:38 +0100
commit7c23d8a1de26b13e948c83a30771da259e9a59e8 (patch)
tree976e56a50f017239b9d1b61020e824b5480d21eb /smoketest/configs/dialup-router-complex
parent0aa13010b1a013edc3c3a89a007108dfbb82bdad (diff)
downloadvyos-1x-7c23d8a1de26b13e948c83a30771da259e9a59e8.tar.gz
vyos-1x-7c23d8a1de26b13e948c83a30771da259e9a59e8.zip
smoketest: config: add "recent" firewall rule to dialup-router
(cherry picked from commit 1d0d4e83d8413c1b389be763cadd5d150d4be982)
Diffstat (limited to 'smoketest/configs/dialup-router-complex')
-rw-r--r--smoketest/configs/dialup-router-complex16
1 files changed, 16 insertions, 0 deletions
diff --git a/smoketest/configs/dialup-router-complex b/smoketest/configs/dialup-router-complex
index fef79ea56..1b62deb5c 100644
--- a/smoketest/configs/dialup-router-complex
+++ b/smoketest/configs/dialup-router-complex
@@ -267,6 +267,22 @@ firewall {
}
protocol udp
}
+ rule 800 {
+ action drop
+ description "SSH anti brute force"
+ destination {
+ port ssh
+ }
+ log enable
+ protocol tcp
+ recent {
+ count 4
+ time 60
+ }
+ state {
+ new enable
+ }
+ }
}
name DMZ-WAN {
default-action accept