These are my current iptables rules for port 22. It works on Linode and other VPS providers but not on AWS. On AWS, after executing these rules, all port 22 connections get refused or time out. I'm using Debian 10, with all ports opened on the AWS VPC. What am I missing here? Thanks.
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Chain for preventing SSH brute-force attacks.
# Permits 10 new connections within 5 minutes from a single host, then drops
# incoming connections from that host. Beyond a burst of 100 connections we
# log at up to 1 attempt per second to prevent filling of logs.
iptables -N SSHBRUTE
iptables -A SSHBRUTE -m recent --name SSH --set
iptables -A SSHBRUTE -m recent --name SSH --update --seconds 300 --hitcount 10 -m limit --limit 1/second --limit-burst 100 -j LOG --log-prefix "iptables[SSH-brute]: "
iptables -A SSHBRUTE -m recent --name SSH --update --seconds 300 --hitcount 10 -j DROP
iptables -A SSHBRUTE -j ACCEPT
iptables -A INPUT -p tcp --dport 22 --syn -m conntrack --ctstate NEW -j SSHBRUTE
iptables -A INPUT -p tcp --dport 22 --syn -m conntrack --ctstate ESTABLISHED -j ACCEPT
Source of ruleset - https://gist.github.com/jirutka/3742890
Update:
I followed the steps mentioned in this answer (Changed AWS EC2 firewall rule and locked out of ssh) to edit out the cron commands set to restart iptables on reboot. Now I'm able to log in to the instance, but not able to replicate the issue anymore. It's still the same set of rules. AWS was also resetting my host configuration /etc/hosts file on every reboot. Now I'm setting the host configs directly in the template file. I will try to replicate the issue later; I have already spent hours on this.
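To see what the SSHBRUTE chain actually does to a stream of new SSH connections, here is an added Python model of its decision logic (not code from the question or the linked gist). It follows the xt_recent match semantics from the kernel module: one timestamp recorded per `--set`, one more per matching `--update`, a per-source ring of 20 stamps (the default ip_pkt_list_tot), and it ignores the LOG rule's `-m limit` rate limiter; the IP addresses and timings in the trace are constructed.

```python
# Model of the SSHBRUTE chain: "-m recent --set" followed by two
# "--update --seconds 300 --hitcount 10" rules (LOG, then DROP), then ACCEPT.
# Added illustration; assumes xt_recent semantics (stamp per --set, stamp per
# matching --update, ring of 20 stamps) and ignores the LOG rule's rate limit.
from collections import deque

SECONDS, HITCOUNT, STAMPS_MAX = 300, 10, 20   # --seconds, --hitcount, ip_pkt_list_tot

class RecentList:
    """The 'SSH' list: per-source ring of packet timestamps (seconds)."""
    def __init__(self):
        self.entries = {}

    def set(self, src, now):
        """-m recent --name SSH --set: record this packet; always matches."""
        self.entries.setdefault(src, deque(maxlen=STAMPS_MAX)).append(now)

    def update(self, src, now):
        """--update --seconds 300 --hitcount 10: match when the source has at
        least HITCOUNT stamps no older than SECONDS; on match a stamp is added."""
        stamps = self.entries.get(src)
        if stamps is None:
            return False
        hits = sum(1 for t in stamps if now - t <= SECONDS)
        if hits >= HITCOUNT:
            stamps.append(now)
            return True
        return False

def sshbrute(lst, src, now):
    """Verdict for one new SYN to port 22 from src, as the chain would give."""
    lst.set(src, now)             # rule 1: --set
    lst.update(src, now)          # rule 2: --update ... -j LOG (adds a stamp on match)
    if lst.update(src, now):      # rule 3: --update ... -j DROP
        return "DROP"
    return "ACCEPT"               # rule 4: -j ACCEPT

def simulate(events):
    """events: iterable of (time_in_seconds, source). Returns the verdict list."""
    lst = RecentList()
    return [sshbrute(lst, src, t) for t, src in events]

# Constructed trace: one host connects every second for 12 s, another host
# connects once, then the first host comes back about five minutes later.
ATTACKER, ADMIN = "198.51.100.7", "203.0.113.5"
TRACE = [(t, ATTACKER) for t in range(1, 13)] + [(12, ADMIN), (311, ATTACKER), (320, ATTACKER)]

if __name__ == "__main__":
    for (t, src), verdict in zip(TRACE, simulate(TRACE)):
        print(f"t={t:>4}s {src:<14} {verdict}")
```

Running it shows that the 10th connection within the window is the first one dropped (the `--set` stamp counts toward the hitcount), that other sources are unaffected, and that the block lifts once the offending stamps fall out of the 300-second window.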
0 Answers