diff options
author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-05-10 15:14:19 +0000 |
---|---|---|
committer | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-05-12 17:27:38 +0000 |
commit | 2e81f9e057f598a9a9e5c2d617e3d0818005d850 (patch) | |
tree | 71081daf520515702ec608a66cd8831cd6cf88fb /interface-definitions/system-conntrack.xml.in | |
parent | 432fd1b5e7b5a1e5b8503bf0dcd106369e323dc7 (diff) | |
download | vyos-1x-2e81f9e057f598a9a9e5c2d617e3d0818005d850.tar.gz vyos-1x-2e81f9e057f598a9a9e5c2d617e3d0818005d850.zip |
sshguard: T4408: Add service ssh dynamic-protection
Sshguard protects hosts from brute-force attacks
Can inspect logs and block "bad" addresses by threshold
Auto-generate rules for nftables
When service stopped all generated rules are deleted
nft "type filter hook input priority filter - 10"
set service ssh dynamic-protection
set service ssh dynamic-protection block-time 120
set service ssh dynamic-protection detect-time 1800
set service ssh dynamic-protection threshold 30
set service ssh dynamic-protection whitelist-address 192.0.2.1
Diffstat (limited to 'interface-definitions/system-conntrack.xml.in')
0 files changed, 0 insertions, 0 deletions