
A script that allows only three new sessions to be established within three minutes

hello,

I found the following script online; it implements this function:
Use an IP list to implement a more flexible policy: only three new sessions may be established within three minutes, and anything beyond that is blocked.

But I want to ask: should I put the drop in the first rule at the very bottom?


/ip firewall filter
add chain=input protocol=tcp dst-port=21,22,23,8291 src-address-list=login_blacklist action=drop comment="drop login brute forcers 1" disabled=no
add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new src-address-list=login_stage5 action=add-src-to-address-list address-list=login_blacklist address-list-timeout=1d comment="drop login brute forcers 2" disabled=no
add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new src-address-list=login_stage4 action=add-src-to-address-list address-list=login_stage5 address-list-timeout=1m comment="drop login brute forcers 3" disabled=no
add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new src-address-list=login_stage3 action=add-src-to-address-list address-list=login_stage4 address-list-timeout=1m comment="drop login brute forcers 4" disabled=no
add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new src-address-list=login_stage2 action=add-src-to-address-list address-list=login_stage3 address-list-timeout=1m comment="drop login brute forcers 5" disabled=no
add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new src-address-list=login_stage1 action=add-src-to-address-list address-list=login_stage2 address-list-timeout=1m comment="drop login brute forcers 6" disabled=no
add chain=input protocol=tcp dst-port=21,22,23,8291 connection-state=new action=add-src-to-address-list address-list=login_stage1 address-list-timeout=1m comment="drop login brute forcers 7" disabled=no

The drop is placed at the top on purpose.
That way, once an IP has been blacklisted, it is blocked immediately the next time it tries to log in, skipping the whole verification process again.

But I suggest you don't waste your time on this script; it has too many holes.
For example, if the same IP opens several connections and logs in simultaneously, this script collapses. It is not reliable at all.
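To see why the position of the drop rule matters, here is an added simulation of the staged address lists above; it is not code from the thread and not RouterOS code. It assumes that add-src-to-address-list is a non-terminating action (the packet continues to the next rule) while drop terminates, that each list entry expires after its address-list-timeout (1m for the stages, 1d for the blacklist), and the source IPs are constructed.

```python
from dataclasses import dataclass, field

STAGE_TTL = 60          # address-list-timeout=1m
BLACKLIST_TTL = 86400   # address-list-timeout=1d

# (src-address-list to match, action, list to add to, timeout); None matches any source
STAGE_RULES = [
    ("login_stage5", "add", "login_blacklist", BLACKLIST_TTL),
    ("login_stage4", "add", "login_stage5", STAGE_TTL),
    ("login_stage3", "add", "login_stage4", STAGE_TTL),
    ("login_stage2", "add", "login_stage3", STAGE_TTL),
    ("login_stage1", "add", "login_stage2", STAGE_TTL),
    (None, "add", "login_stage1", STAGE_TTL),
]
DROP_RULE = ("login_blacklist", "drop", None, 0)


@dataclass
class Firewall:
    drop_first: bool = True
    lists: dict = field(default_factory=dict)  # (list name, ip) -> expiry time

    def in_list(self, name, ip, now):
        return self.lists.get((name, ip), -1) > now

    def new_connection(self, ip, now):
        """Evaluate one connection-state=new packet; return (verdict, rules checked)."""
        rules = [DROP_RULE] + STAGE_RULES if self.drop_first else STAGE_RULES + [DROP_RULE]
        for n, (src_list, action, target, ttl) in enumerate(rules, 1):
            if src_list is not None and not self.in_list(src_list, ip, now):
                continue
            if action == "drop":
                return "drop", n
            # add-src-to-address-list: assumed non-terminating, so keep evaluating
            self.lists[(target, ip)] = now + ttl
        return "accept", len(rules)


def simulate(ip, times, drop_first=True):
    """Verdicts for a series of new connections from ip at the given seconds."""
    fw = Firewall(drop_first)
    return [fw.new_connection(ip, t) for t in times]


if __name__ == "__main__":
    burst = [0, 10, 20, 30, 40, 50, 55]  # constructed: seven attempts within one minute
    print(simulate("198.51.100.7", burst))  # drop first: 6th accepted, 7th dropped at rule 1
    print(simulate("198.51.100.7", burst, False))  # drop last: 6th dropped after all 7 rules
    print(simulate("198.51.100.8", range(0, 700, 70)))  # one attempt per 70 s: never blocked
```

With the drop rule first, a blacklisted source is discarded at rule 1 without touching the stage lists; with it last, every packet still walks the six stage rules and refreshes their entries before being dropped. The third run shows the other side of the 1m timeout: attempts spaced more than a minute apart never advance past login_stage1.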
