11 lines
318 B
Plaintext
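# raw table: its PREROUTING chain sees packets before connection tracking
*raw

:PORTKNOCK -

# Send TCP packets with SYN set and ACK clear (new connection attempts) to PORTKNOCK
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,ACK SYN -j PORTKNOCK

# SSH from a source in the SSHOK list seen within the last 300 seconds: return to PREROUTING (--reap purges older entries)
-A PORTKNOCK -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 300 --reap --name SSHOK -j RETURN
# Knock on port 22222: record the source address in the SSHOK list and drop the packet
-A PORTKNOCK -p tcp -m tcp --dport 22222 -m recent --set --name SSHOK -j DROP
# SSH from a source without a recent knock: drop
-A PORTKNOCK -p tcp -m tcp --dport 22 -j DROP

COMMIT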