Re: SSH Brute force attacks

Taylor, Grant wrote:
>> iptables -A SSH_Brute_Force -m recent --name SSH ! --rcheck --seconds
>> 60 -m recent --hitcount 4 --set --name SSH -j RETURN
>>
>> this is what I get back:
>> =====================
>> [root@abc root]# iptables -A SSH_Brute_Force -m recent --name SSH !
>> --rcheck --seconds 60 -m recent --hitcount 4 --set --name SSH -j RETURN
>> iptables v1.2.9: Unknown arg `4'
>> Try `iptables -h' or 'iptables --help' for more information.
>> [root@ns root]#
> 
> 
> I'm betting that you don't have the "recent" match extension compiled in
> to the kernel directly or as a module.  Try "iptables -m recent -h" to
> see if you get any output talking about recent at the bottom or if it
> complains.  I don't think that the recent extension is in the base
> kernel and thus you will have to apply some patches via p-o-m to the
> kernel and iptables and recompile yourself.  Once you have support for
> the recent match extension you should be able to do what I have
> suggested.  If you need help just ask.

I get the error Brent gets above, but I do have the recent module:

From the iptables -m recent -h command you suggest:

ipt_recent v0.3.1: Stephen Frost <sfrost@xxxxxxxxxxx>.
http://snowman.net/projects/ipt_recent/

and "--hitcount" is referenced in the help:

--hitcount hits             For check and update commands above.
                                Specifies that the match will only occur
if source address seen hits times.

FWIW, I'm using iptables 1.2.11 in Fedora Core 3.

pete

