smoketest: config: add "recent" firewall rule to dialup-router

(cherry picked from commit 1d0d4e83d8413c1b389be763cadd5d150d4be982)
author: Christian Poessinger <christian@poessinger.com> 2022-03-06 09:58:22 +0100
committer: Christian Poessinger <christian@poessinger.com> 2022-03-06 09:58:38 +0100
commit: 7c23d8a1de26b13e948c83a30771da259e9a59e8 (patch)
tree: 976e56a50f017239b9d1b61020e824b5480d21eb /smoketest
parent: 0aa13010b1a013edc3c3a89a007108dfbb82bdad (diff)
download: vyos-1x-7c23d8a1de26b13e948c83a30771da259e9a59e8.tar.gz
vyos-1x-7c23d8a1de26b13e948c83a30771da259e9a59e8.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/smoketest/configs/dialup-router-complex b/smoketest/configs/dialup-router-complex
index fef79ea56..1b62deb5c 100644
--- a/smoketest/configs/dialup-router-complex
+++ b/smoketest/configs/dialup-router-complex
@@ -267,6 +267,22 @@ firewall {
             }
             protocol udp
         }
+        rule 800 {
+            action drop
+            description "SSH anti brute force"
+            destination {
+                port ssh
+            }
+            log enable
+            protocol tcp
+            recent {
+                count 4
+                time 60
+            }
+            state {
+                new enable
+            }
+        }
     }
     name DMZ-WAN {
         default-action accept
author	Christian Poessinger <christian@poessinger.com>	2022-03-06 09:58:22 +0100
committer	Christian Poessinger <christian@poessinger.com>	2022-03-06 09:58:38 +0100
commit	7c23d8a1de26b13e948c83a30771da259e9a59e8 (patch)
tree	976e56a50f017239b9d1b61020e824b5480d21eb /smoketest
parent	0aa13010b1a013edc3c3a89a007108dfbb82bdad (diff)
download	vyos-1x-7c23d8a1de26b13e948c83a30771da259e9a59e8.tar.gz vyos-1x-7c23d8a1de26b13e948c83a30771da259e9a59e8.zip