external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-03-04 15:54:48 +01:00
Code Issues Releases Wiki Activity

Add rate limiting of SSH in the firewall (#1770)

Browse Source 
See #1767.
This commit is contained in:
Marcus Bointon
2020-06-07 15:47:51 +02:00
committed by GitHub
parent bc1be9d70a
commit cfc8fb484c
3 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
setup/functions.sh
View File

@@ -136,7 +136,14 @@ function get_default_privateip {
function ufw_allow {
if [ -z "${DISABLE_FIREWALL:-}" ]; then
# ufw has completely unhelpful output
ufw allow $1 > /dev/null;
ufw allow "$1" > /dev/null;
fi
}
function ufw_limit {
if [ -z "${DISABLE_FIREWALL:-}" ]; then
# ufw has completely unhelpful output
ufw limit "$1" > /dev/null;
fi
}

4
setup/system.sh
View File

@@ -256,7 +256,7 @@ if [ -z "${DISABLE_FIREWALL:-}" ]; then
apt_install ufw
# Allow incoming connections to SSH.
ufw_allow ssh;
ufw_limit ssh;
# ssh might be running on an alternate port. Use sshd -T to dump sshd's #NODOC
# settings, find the port it is supposedly running on, and open that port #NODOC
@@ -266,7 +266,7 @@ if [ -z "${DISABLE_FIREWALL:-}" ]; then
if [ "$SSH_PORT" != "22" ]; then
echo Opening alternate SSH port $SSH_PORT. #NODOC
ufw_allow $SSH_PORT #NODOC
ufw_limit $SSH_PORT #NODOC
fi
fi