Thursday, March 06, 2008

Anti Brute Force!


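#!/bin/bash
#
# Anti brute force for a mail (or other) server.
#
# NEW connections are rate-limited per source address. An address that
# opens connections faster than NEW_RATE (with a burst of NEW_BURST) is
# marked in an xt_recent list, and every packet from it is logged and
# rejected for BAN_SECONDS. Special rules for special ports may still
# be needed.
#
# Tunables come from the environment, so the defaults below can be
# overridden without editing the script, e.g.:
#   BAN_SECONDS=600 INPUT_POS=3 ./antibrute.sh
#
# Requires root and iptables with the hashlimit (--hashlimit-upto form),
# recent, limit, state and LOG extensions. Safe to re-run: the custom
# chains are flushed and the INPUT jump rules are replaced, not
# duplicated (jump rules inserted earlier with *different* values are
# not found by the delete step and must be removed by hand).
set -euo pipefail

# Sustained NEW-connection rate and burst allowed per source address.
# Raise these if legitimate clients (e.g. busy mail relays) get marked.
readonly NEW_RATE=${NEW_RATE:-1/second}
readonly NEW_BURST=${NEW_BURST:-20}
# How long (seconds) a marked address stays shut out.
readonly BAN_SECONDS=${BAN_SECONDS:-300}
# Global cap on LOG lines, so an attack cannot flood syslog.
readonly LOG_RATE=${LOG_RATE:-6/min}
# Position in INPUT: as early as possible, right after the rules that
# accept localhost (and, if present, the local nets).
readonly INPUT_POS=${INPUT_POS:-5}
# xt_recent list holding the offenders. "DEFAULT" is the list every
# unnamed "-m recent" rule uses; pick another name if you have such rules.
readonly RECENT_LIST=${RECENT_LIST:-DEFAULT}

# LOG options shared by both chains.
log_opts=(--log-level 6 --log-tcp-sequence --log-tcp-options --log-ip-options)

# Create the two chains, or empty them when they already exist (re-run).
for chain in OFFENDER BADBOYS; do
  iptables -N "$chain" 2>/dev/null || iptables -F "$chain"
done

# OFFENDER: every NEW connection passes through here. While a source is
# within its allowance the packet RETURNs to INPUT. hashlimit keeps one
# token bucket per source IP; the plain "limit" match is a single global
# bucket, so one aggressive host would exhaust it and get every other
# client marked as an offender too.
iptables -A OFFENDER -m hashlimit --hashlimit-upto "$NEW_RATE" \
  --hashlimit-burst "$NEW_BURST" --hashlimit-mode srcip \
  --hashlimit-name offender -j RETURN
# Over the allowance: remember the source, log (rate-limited) and reject.
iptables -A OFFENDER -m recent --set --name "$RECENT_LIST" --rsource
iptables -A OFFENDER -m limit --limit "$LOG_RATE" -j LOG \
  --log-prefix "OFFENDER " "${log_opts[@]}"
iptables -A OFFENDER -j REJECT --reject-with icmp-host-unreachable

# BADBOYS: everything from an address that is still marked.
iptables -A BADBOYS -m limit --limit "$LOG_RATE" -j LOG \
  --log-prefix "BADBOY: " "${log_opts[@]}"
iptables -A BADBOYS -j REJECT --reject-with icmp-host-unreachable

# Jump rules for INPUT. The check rule goes first so a marked address is
# rejected before it reaches the rate limiter again. --rcheck (rather
# than --update) means the ban ends BAN_SECONDS after the marking, no
# matter what the address does meanwhile.
# NOTE(review): any ban keyed on source address can be triggered by
# spoofed packets (forged SYNs carrying a victim's address); keep
# BAN_SECONDS short and accept trusted peers before INPUT_POS.
badboys_rule=(-m recent --rcheck --seconds "$BAN_SECONDS" \
  --name "$RECENT_LIST" --rsource -j BADBOYS)
offender_rule=(-m state --state NEW -j OFFENDER)

# Drop copies left by an earlier run (errors expected on the first run),
# then insert fresh ones: check rule at INPUT_POS, limiter right after it.
iptables -D INPUT "${badboys_rule[@]}" 2>/dev/null || true
iptables -D INPUT "${offender_rule[@]}" 2>/dev/null || true
iptables -I INPUT "$INPUT_POS" "${badboys_rule[@]}"
iptables -I INPUT $((INPUT_POS + 1)) "${offender_rule[@]}"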