Thanks to Grant for the info above, but for some funny reason I can't get
the following to work:
iptables -A SSH_Brute_Force -m recent --name SSH ! --rcheck --seconds 60 -m recent --hitcount 4 --set --name SSH -j RETURN
This is what I get back:
=====================
[root@abc root]# iptables -A SSH_Brute_Force -m recent --name SSH !
--rcheck --seconds 60 -m recent --hitcount 4 --set --name SSH -j RETURN
iptables v1.2.9: Unknown arg `4'
Try `iptables -h' or 'iptables --help' for more information.
[root@ns root]#
I'm betting that you don't have the "recent" match extension compiled into the kernel directly or as a module. Try "iptables -m recent -h" to see if you get any output talking about recent at the bottom or if it complains. I don't think that the recent extension is in the base kernel, and thus you will have to apply some patches via p-o-m to the kernel and iptables and recompile yourself. Once you have support for the recent match extension you should be able to do what I have suggested. If you need help, just ask.
Grant. . . .