Linux setup

Firewall.sh

sudo apt-get install ufw
sudo ufw disable
sudo ufw default deny
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable

SSH hashlimit

# http://mikhailian.mova.org/node/147
# requires hashlimit
iptables -A INPUT -p tcp -m tcp --dport 22 -m state \
  --state NEW -m hashlimit --hashlimit 1/hour \
  --hashlimit-burst 2 --hashlimit-mode srcip \
  --hashlimit-name SSH --hashlimit-htable-expire 60000 
  -j ACCEPT

iptables -A INPUT -p tcp -m tcp --dport 22 \
  --tcp-flags SYN,RST,ACK SYN -j DROP 

iptables -A INPUT -p tcp -m state \
  --state NEW -m tcp --dport 22 -j ACCEPT