I came across this as a possible way to limit the number of attempts a bot can make at registering before fail2ban kicks in (i.e. if the bot is so fast it can make many attempts before fail2ban detects that many > 3)
I did the following at the command prompt (for some reason putting this in /etc/sysconfig/iptables did not work, as it didn't like the syntax of --set when I did a service iptables restart):
$ iptables -I INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --set
$ iptables -I INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP
The effect of this seems to be to limit the number of attempts to register (even with the correct authentication details!) to three within a 60 second period. Obviously you can tweak the time period and number of attempts as you wish. I checked that it is iptables stopping the registrations by turning fail2ban off. After the 60 second period is over, you are allowed to register again.
This does not seem to restrict the ability to make lots of calls within the specified time period - just the new registration attempts.
If you want to kill the restriction - you just do a service iptables restart.
I'm aware though that I don't really understand what I'm playing with here - so would very much appreciate any input as to whether this is a sensible thing to do.
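Added example, not code from the original post: a POSIX shell model of the bookkeeping the two rules above make the kernel's xt_recent list do (the real enforcement lives in the kernel; this only imitates it). It assumes every attempt is a packet conntrack classifies as NEW, and the sequence of attempts at the bottom is constructed for illustration.

```shell
#!/bin/sh
# Model of the xt_recent list behind the two rules, evaluated in rule order:
#   first:  -m recent --update --seconds 60 --hitcount 3 -j DROP
#   second: -m recent --set
# RECENT holds one "address timestamp" entry per line (constructed stand-in
# for /proc/net/xt_recent/DEFAULT).
RECENT=""
WINDOW=60     # --seconds 60
HITCOUNT=3    # --hitcount 3

# recent_flush: forget every entry, which is what a full rule reload does.
recent_flush() { RECENT=""; }

# recent_hits ADDR NOW: number of stamps for ADDR no older than WINDOW seconds.
recent_hits() {
    hits=0
    for stamp in $(printf '%s\n' "$RECENT" | awk -v a="$1" '$1 == a {print $2}'); do
        [ $(( $2 - stamp )) -le "$WINDOW" ] && hits=$(( hits + 1 ))
    done
    echo "$hits"
}

# sip_register ADDR NOW: verdict for one NEW packet to udp/5060.
# Returns 0 for ACCEPT (rule 2 records it) and 1 for DROP (rule 1 matched).
sip_register() {
    addr=$1; now=$2
    hits=$(recent_hits "$addr" "$now")
    # Both outcomes add a stamp: --update refreshes a matched address even
    # though the packet is dropped, --set records an accepted one. A source
    # that keeps retrying therefore stays blocked until it has been quiet
    # for WINDOW seconds; a source that stops is let back in afterwards.
    RECENT="$RECENT
$addr $now"
    if [ "$hits" -ge "$HITCOUNT" ]; then
        echo "t=$now $addr DROP"; return 1
    fi
    echo "t=$now $addr ACCEPT"; return 0
}

# Constructed sequence of "seconds source" attempts: the fourth attempt from
# 192.0.2.10 inside 60 s is dropped, an unrelated source is unaffected,
# retries at 40 s and 65 s are still dropped, and 130 s is accepted again.
recent_flush
for attempt in "0 192.0.2.10" "5 192.0.2.10" "10 192.0.2.10" "15 192.0.2.10" \
               "15 198.51.100.7" "40 192.0.2.10" "65 192.0.2.10" "130 192.0.2.10"; do
    set -- $attempt
    sip_register "$2" "$1" || true
done
```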