smoketest: config: add "recent" firewall rule to dialup-router

author: Christian Poessinger <christian@poessinger.com> 2022-03-06 09:58:22 +0100
committer: Christian Poessinger <christian@poessinger.com> 2022-03-06 09:58:22 +0100
commit: 1d0d4e83d8413c1b389be763cadd5d150d4be982 (patch)
tree: 842e0ebbb3a2f78c18ce48e646f0fe7b6d66b5fb /smoketest/configs/dialup-router-complex
parent: 1073df8c3aa2a56af861155290a77a59bf5739bf (diff)
download: vyos-1x-1d0d4e83d8413c1b389be763cadd5d150d4be982.tar.gz
vyos-1x-1d0d4e83d8413c1b389be763cadd5d150d4be982.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/smoketest/configs/dialup-router-complex b/smoketest/configs/dialup-router-complex
index fef79ea56..1b62deb5c 100644
--- a/smoketest/configs/dialup-router-complex
+++ b/smoketest/configs/dialup-router-complex
@@ -267,6 +267,22 @@ firewall {
             }
             protocol udp
         }
+        rule 800 {
+            action drop
+            description "SSH anti brute force"
+            destination {
+                port ssh
+            }
+            log enable
+            protocol tcp
+            recent {
+                count 4
+                time 60
+            }
+            state {
+                new enable
+            }
+        }
     }
     name DMZ-WAN {
         default-action accept
author	Christian Poessinger <christian@poessinger.com>	2022-03-06 09:58:22 +0100
committer	Christian Poessinger <christian@poessinger.com>	2022-03-06 09:58:22 +0100
commit	1d0d4e83d8413c1b389be763cadd5d150d4be982 (patch)
tree	842e0ebbb3a2f78c18ce48e646f0fe7b6d66b5fb /smoketest/configs/dialup-router-complex
parent	1073df8c3aa2a56af861155290a77a59bf5739bf (diff)
download	vyos-1x-1d0d4e83d8413c1b389be763cadd5d150d4be982.tar.gz vyos-1x-1d0d4e83d8413c1b389be763cadd5d150d4be982.zip