[TriLUG] Drop script kitties

[Bill Farrow]

I added this script to my OpenWRT firewall.  This drops ssh
connections after 3 failed attempts.  Suggestions for improvement are
most welcome.


## Logging Dropped packets
iptables -F LOGDROP
iptables -N LOGDROP
iptables -A LOGDROP -m limit --limit 1/min -j LOG --log-prefix
"iptables denied: "
iptables -A LOGDROP -j DROP


## ssh only allows 3 attempts per minute
iptables -F zone_wan
iptables -A zone_wan -p tcp --dport 22 --syn -m state --state NEW -m
limit --limit 3/min -m limit --limit-burst 3 -j ACCEPT
iptables -A zone_wan -p tcp --dport 22 --syn -j LOGDROP

iptables -A zone_wan -j input_wan
iptables -A zone_wan -j zone_wan_ACCEPT