[arm-allstar] iptables conntrack
Don Sayler
don.sayler at gmail.com
Mon Feb 21 13:00:12 EST 2022
I was thinking about adding Fail2ban to our node. I found a thread in the
forums, where David suggests using iptables conntrack instead:
iptables -p tcp --dport 9876 -m conntrack --ctstate NEW -m recent --set
iptables -p tcp --dport 9876 -m conntrack --ctstate NEW -m recent --update --seconds 180 --hitcount 5 -j LOG --log-prefix "IPTables Dropped: " --log-level 4
iptables -p tcp --dport 9876 -m conntrack --ctstate NEW -m recent --update --seconds 180 --hitcount 5 -j DROP
iptables -p tcp --dport 9876 -j ACCEPT
I tried to research this a bit, but I still don't understand what the
options mean. Can someone explain? Thanks.
Don
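
What the four rules above do to a stream of packets, as an added example that is not part of the original post or of the forum thread it quotes: a simplified Python model of the per-source list kept by the recent match. The addresses and times are constructed sample data, and RecentList, filter_packet and replay are names made up for the illustration.

```python
# Added illustration: simplified user-space model of the posted rules (not kernel code).
SECONDS, HITCOUNT = 180, 5          # --seconds 180 --hitcount 5, from the post

class RecentList:
    """Per-source timestamps kept by '-m recent' (simplified: no size cap)."""
    def __init__(self):
        self.stamps = {}

    def set(self, src, now):
        # --set: record source address and time of this packet; always matches
        self.stamps.setdefault(src, []).append(now)
        return True

    def update(self, src, now, seconds, hitcount):
        # --update: match when the source has at least `hitcount` stamps from
        # the last `seconds` seconds; a match records one more stamp, so a
        # source that keeps retrying keeps its own entry fresh
        seen = self.stamps.get(src, [])
        if sum(1 for t in seen if t >= now - seconds) < hitcount:
            return False
        seen.append(now)
        return True

def filter_packet(recent, src, now, ctstate):
    """Return (verdict, logged) for one TCP packet to port 9876."""
    logged = False
    if ctstate == "NEW":            # --ctstate NEW: first packet of a connection
        recent.set(src, now)                                  # rule 1
        logged = recent.update(src, now, SECONDS, HITCOUNT)   # rule 2: -j LOG
        if recent.update(src, now, SECONDS, HITCOUNT):        # rule 3: -j DROP
            return "DROP", logged
    return "ACCEPT", logged                                   # rule 4

def replay(events):
    recent = RecentList()
    return [filter_packet(recent, s, t, state)[0] for t, s, state in events]

# Constructed sample traffic: (time in seconds, source address, conntrack state)
SAMPLE = [(0, "192.0.2.10", "NEW"), (10, "192.0.2.10", "NEW"),
          (20, "192.0.2.10", "NEW"), (30, "192.0.2.10", "NEW"),
          (40, "192.0.2.10", "NEW"), (41, "198.51.100.7", "NEW"),
          (45, "192.0.2.10", "ESTABLISHED"), (200, "192.0.2.10", "NEW"),
          (400, "192.0.2.10", "NEW")]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, verdict)
```

The fifth new connection from one address inside 180 seconds is the first one dropped, while other addresses and packets of already established connections pass. The retry at t=200 is still dropped because the earlier --update matches added fresh timestamps.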