Well, I thought I was doing so well. I discover now that no one, including me, can get into my system any more via ssh. Here are the current iptables rules:
*filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 16 --hashlimit-mode srcip --hashlimit-name ssh --hashlimit-htable-expire 60000 -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 16 --hashlimit-mode srcip --hashlimit-name ssh --hashlimit-htable-expire 60000 -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 16 --hashlimit-mode srcip --hashlimit-name ssh --hashlimit-htable-expire 60000 -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 16 --hashlimit-mode srcip --hashlimit-name ssh --hashlimit-htable-expire 60000 -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 16 --hashlimit-mode srcip --hashlimit-name ssh --hashlimit-htable-expire 60000 -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP -A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j DROP -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m hashlimit --hashlimit-upto 1/hour --hashlimit-burst 16 --hashlimit-mode srcip --hashlimit-name ssh --hashlimit-htable-expire 60000 -j ACCEPT COMMIT What'd I do?
