Update rules-v4.txt

jessuppi · web-flow · commit fa899f76b90f · 2026-06-02T02:06:28.000+07:00
diff --git a/modules/iptables/rules-v4.txt b/modules/iptables/rules-v4.txt
@@ -23,9 +23,6 @@
 # allow established and related connections
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 
-# allow SSH (port 22)
--A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-
 # allow HTTP and HTTPS
 -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
 
@@ -41,7 +38,7 @@
 # logging denied packets
 -A INPUT -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[IPTABLES BLOCK] "
 
-# rate limiting (prevent brute-force attacks)
+# rate limit SSH connections
 -A INPUT -p tcp --dport 22 -m limit --limit 3/min --limit-burst 5 -j ACCEPT
 -A INPUT -p tcp --dport 22 -j REJECT
 
