my nixos dotfiles :3 (git.koi.rip mirror) git.koi.rip/koi/dotfiles

base: ssh rate limiting

+9 -1
+9 -1
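--- a/modules/base/networking.nix
+++ b/modules/base/networking.nix
@@ -1,6 +1,14 @@
 {
   networking = {
     networkmanager.enable = true;
-    firewall.enable = true;
+    firewall = {
+      enable = true;
+      extraCommands = ''
+        iptables -I INPUT 1 -p tcp --dport 22 -m conntrack --ctstate NEW \
+          -m recent --name SSH --rsource --update --seconds 120 --hitcount 10 -j DROP
+        iptables -I INPUT 2 -p tcp --dport 22 -m conntrack --ctstate NEW \
+          -m recent --name SSH --rsource --set
+      '';
+    };
   };
 }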
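Review bot: The two added `iptables` rules in `extraCommands` only cover IPv4, so new SSH connections arriving over IPv6 are not rate limited; the NixOS firewall script provides an `ip46tables` helper that applies a rule to both address families. The rules are also inserted straight into `INPUT`, which, as far as I know, the firewall script does not flush on reload (it manages its own `nixos-fw` chain), so each reload would likely stack another copy unless `extraStopCommands` deletes them. Consider `ip46tables -I nixos-fw 1 -p tcp --dport 22 ...` (and `-I nixos-fw 2` for the `--set` rule), or add matching `-D` lines to `extraStopCommands`. A short comment would also help, noting that `recent` keys on the source address, so all clients behind one NAT share the 10-per-120-seconds budget and a blocked source stays blocked while it keeps retrying because of `--update`.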