It took a lot of time and digging to get my iptables rules working fairly well.
Current status: ‘Works’ with a noticeable, reproducible (almost unacceptable) delay on SSH connections. This delay goes away as soon as iptables is disabled. Please help: how can I fight off the long list of potential attacks and also get my fast SSH back?
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
#DROP fragments (from a *different* tutorial, do I need this?)
-A INPUT -f -j DROP
#DROP NEW NOT SYN
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
#DROP SYN-FIN SCANS
-A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
#DROP SYN-RST SCANS
-A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
#DROP X-MAS SCANS
-A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
#DROP NMAP FIN SCAN
-A INPUT -p tcp --tcp-flags ALL FIN -j DROP
#DROP NULL SCANS
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
#DROP ALL/ALL SCANS
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#non-standard ssh port matches ssh config
-A INPUT -p tcp -m tcp --dport x1x0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j DROP
I dug deeper, and my ISP’s nameservers and DNS look-ups might be the problem:
Why would the SSH server be doing a DNS look-up when I’m connecting as email@example.com?
and / or
Can I fix this (if the DNS look-up is the cause) with an adjustment to the ssh config, instead of having to find out the IPs of the ISP’s nameservers?
If the hang is caused when you log in, then it is probably related to the sshd UseDNS configuration parameter. The default for this is yes, so sshd does a lookup on your client’s hostname and then checks that it maps back to the IP address that it is seeing on the inbound connection.
You’ll probably find that you don’t have a suitable DNS PTR record for your client.
/etc/ssh/sshd_config file, then restart sshd.
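To make the answer's explanation concrete, here is the check sshd performs when UseDNS is on (reverse lookup of the client IP, then a forward lookup of the returned name, which must contain the original IP), written as an added example in Python. This is illustration code, not OpenSSH's own; the fake zone data (203.0.113.x / 198.51.100.x addresses and the example.net names) is constructed so the script runs offline, and the resolver functions are injectable so the same logic can be pointed at real DNS via the socket-based helpers.

```python
"""Forward-confirmed reverse DNS (FCrDNS), modelled on sshd's UseDNS check.

Added illustration, not OpenSSH source. The resolver is injectable so the
example runs offline against a constructed fake zone; pass real_reverse /
real_forward to query the system resolver instead.
"""
import socket
from typing import Callable, Iterable, Optional, Tuple

# Constructed fake DNS data for the offline demo (documentation-range IPs,
# not real hosts).
FAKE_PTR = {
    "203.0.113.10": "client.example.net",   # PTR and A record agree
    "203.0.113.20": "spoofed.example.net",  # PTR exists but A points elsewhere
    # 203.0.113.30 deliberately has no PTR: the usual home-ISP situation
}
FAKE_A = {
    "client.example.net": ["203.0.113.10"],
    "spoofed.example.net": ["198.51.100.5"],
}


def fake_reverse(ip: str) -> Optional[str]:
    """PTR lookup against the constructed zone; None means NXDOMAIN."""
    return FAKE_PTR.get(ip)


def fake_forward(name: str) -> Iterable[str]:
    """A lookup against the constructed zone; empty means no answer."""
    return FAKE_A.get(name, [])


def real_reverse(ip: str) -> Optional[str]:
    """PTR lookup via the system resolver (this is where a slow or
    unreachable ISP nameserver stalls the login)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def real_forward(name: str) -> Iterable[str]:
    """Forward lookup via the system resolver."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []


def fcrdns(
    ip: str,
    reverse: Callable[[str], Optional[str]] = fake_reverse,
    forward: Callable[[str], Iterable[str]] = fake_forward,
) -> Tuple[str, str]:
    """Return (name sshd would use for the client, reason).

    On any failure sshd falls back to the bare IP; the cost of UseDNS is
    that both lookups run (and can time out) before the session proceeds.
    """
    name = reverse(ip)
    if name is None:
        return ip, "no PTR record; sshd falls back to the bare IP"
    if ip not in set(forward(name)):
        return ip, f"PTR gives {name!r} but it does not map back to {ip}"
    return name, "forward-confirmed"


if __name__ == "__main__":
    for client in ("203.0.113.10", "203.0.113.20", "203.0.113.30"):
        print(client, "->", fcrdns(client))
```

The two failure cases are exactly what the answer describes: a missing PTR, or a PTR whose name does not resolve back to the connecting address. Either way the client still logs in, so the lookups buy nothing but a wait when the ISP's resolver is slow or unreachable. Before editing sshd_config you can confirm the diagnosis with `dig -x <your client IP>` from the server and `sshd -T | grep -i usedns` to see the effective setting. One caveat to the answer: OpenSSH 6.8 and later ship with UseDNS defaulting to no, so on a current OpenSSH the delay is more likely to come from an explicit `UseDNS yes` in sshd_config, a distribution override, or something other than sshd's own lookup.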