1

Is it possible to use iptables on Ubuntu to limit brute force attacks for certain URLs? Basically I want to detect where a user calls the same URL over and over again and drop his connection or somehow slow it down if it happens too often.

spirytus

2 Answers

1

While it may be possible, this is something that is better handled at the application layer.

Fail2ban is a frequently used piece of software that can scan your access logs for certain messages and then add iptables rules to block offending IPs.

EEAA
0

The netfilter/iptables system doesn't really work at the URL level so it's probably not the right tool for the job.

You could use the iptables rate limiting module but that could be difficult to tune.

You may get some mileage out of a tool like fail2ban. That monitors log files and reacts as you determine.

user9517
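Both answers point to log-based detection rather than packet filtering. The following is an added example, not code from either answer or from fail2ban, showing the per-IP, per-URL sliding-window count that such a log scanner performs. The common/combined access-log format, the `/login` path, the thresholds and the sample lines are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Prefix of the common/combined access-log format: client IP, timestamp, method, path.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<path>\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_offenders(lines, watched_paths, max_hits=5, window=timedelta(seconds=60)):
    """Map each client IP to the first watched path it requested more than
    max_hits times within `window`. Assumes each client's lines are in time order."""
    recent = defaultdict(deque)  # (ip, path) -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than guess
        path = m["path"].split("?", 1)[0]  # count /login?x=1 and /login together
        if path not in watched_paths:
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        hits = recent[(m["ip"], path)]
        hits.append(ts)
        while ts - hits[0] > window:  # drop hits that fell out of the window
            hits.popleft()
        if len(hits) > max_hits:
            offenders.setdefault(m["ip"], path)
    return offenders

def sample_log():
    """Constructed access-log lines (documentation-range IPs, made-up paths)."""
    start = datetime(2023, 10, 10, 13, 50, tzinfo=timezone.utc)
    def entry(ip, offset_s, request, status):
        ts = (start + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "{request} HTTP/1.1" {status} 512'
    lines = [entry("203.0.113.7", s, "POST /login?next=%2F", 401) for s in range(8)]  # 8 hits in 8 s
    lines += [entry("198.51.100.20", 30 * s, "POST /login", 200) for s in range(6)]   # one hit per 30 s
    lines += [entry("192.0.2.44", s, "GET /index.html", 200) for s in range(10)]      # unwatched path
    lines.append("garbage that is not a log line")
    return lines

if __name__ == "__main__":
    for ip, path in find_offenders(sample_log(), {"/login"}).items():
        print(f"{ip} exceeded the limit on {path}")
```

The returned addresses are what a tool like fail2ban would then hand to iptables as block rules; the URL matching itself happens on the log, not in netfilter.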