From 88231e3d35011cf2a85c76bc492033aa40bfd2f3 Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan
Date: Sun, 21 Apr 2024 21:04:00 +0200
Subject: [PATCH] sftp: add rate limit
---
 setup/start/cloudron-firewall.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/setup/start/cloudron-firewall.sh b/setup/start/cloudron-firewall.sh
index 93a206282..7f1c72fcf 100755
--- a/setup/start/cloudron-firewall.sh
+++ b/setup/start/cloudron-firewall.sh
@@ -139,8 +139,8 @@ for port in 80 443; do
 ipxtables -A CLOUDRON_RATELIMIT -p tcp --syn --dport ${port} -m connlimit --connlimit-above 5000 -j CLOUDRON_RATELIMIT_LOG
 done
 
-# ssh . 5 connections per 10 seconds per IP
-for port in 22 202; do
+# ssh and sftp. 5 connections per 10 seconds per IP
+for port in 22 202 222; do
 ipxtables -A CLOUDRON_RATELIMIT -p tcp --dport ${port} -m state --state NEW -m recent --set --name "public-${port}"
 ipxtables -A CLOUDRON_RATELIMIT -p tcp --dport ${port} -m state --state NEW -m recent --update --name "public-${port}" --seconds 10 --hitcount 5 -j CLOUDRON_RATELIMIT_LOG
 done
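Review bot: The comment on the extended loop, `# ssh and sftp. 5 connections per 10 seconds per IP`, is looser than the two rules under it. As I read the `recent` match, `--set` records the packet before `--update --seconds 10 --hitcount 5` is evaluated, so the fifth new connection from one address inside 10 seconds already goes to CLOUDRON_RATELIMIT_LOG, and `--update` refreshes the timestamp on every match, so a client that keeps retrying stays limited. That may matter more on port 222 than on ssh if SFTP clients open several parallel connections or share a NAT address, which the hunk cannot show. I would spell the behaviour out, e.g. `# ssh and sftp: the 5th NEW connection within 10s from one source IP goes to CLOUDRON_RATELIMIT_LOG; retries while limited extend the window`. What CLOUDRON_RATELIMIT_LOG does with the packet is defined outside this hunk.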