Thanks to Grant for the info above, but for some funny reason I can't get the following to work:
iptables -A SSH_Brute_Force -m recent --name SSH ! --rcheck --seconds 60 -m recent --hitcount 4 --set --name SSH -j RETURN
This is what I get back:
=====================
[root@abc root]# iptables -A SSH_Brute_Force -m recent --name SSH ! --rcheck --seconds 60 -m recent --hitcount 4 --set --name SSH -j RETURN
iptables v1.2.9: Unknown arg `4'
Try `iptables -h' or 'iptables --help' for more information.
[root@ns root]#
I'm betting that you don't have the "recent" match extension compiled into the kernel directly or as a module. Try "iptables -m recent -h" to see if you get any output talking about recent at the bottom or if it complains. I don't think that the recent extension is in the base kernel and thus you will have to apply some patches via p-o-m to the kernel and iptables and recompile yourself. Once you have support for the recent match extension you should be able to do what I have suggested. If you need help just ask.
Hi
I just thought I'd join in, 'cause I have a similar problem, but the rest of this discussion doesn't solve it.
As above, I have
#iptables -A SSH_Brute_Force -m recent --name SSH ! --rcheck --seconds 60 -m recent --hitcount 4 --set --name SSH -j RETURN
iptables v1.3.1: Unknown arg `4'
Try `iptables -h' or 'iptables --help' for more information.
and the iptables -m recent --help gives
#iptables -m recent --help
iptables v1.3.1
Usage: iptables -[AD] chain rule-specification [options]
       iptables -[RI] chain rulenum rule-specification [options]
<cut here>
[!] --version -V print package version.
recent v1.3.1 options:
[!] --set Add source address to list, always matches.
[!] --rcheck Match if source address in list.
<cut again>
--rdest Match/Save the destination address of each packet in the recent list table.
ipt_recent v0.3.1: Stephen Frost <sfrost@xxxxxxxxxxx>. http://snowman.net/projects/ipt_recent/
I have the 'recent match' compiled into the kernel as a module
and I had recompiled the kernel and then the iptables, and still the above appears when executing.
Any ideas to what can be wrong here?
I'm on a HLFS system (april svn) and my kernel is now 2.6.11.9-grsec,
as I updated it to see if it's related to the problem.
The iptables I use was downloaded yesterday via svn
Also, I understand that an `iptables -N SSH_Brute_Force` is mutedly assumed? Or maybe I'm missing something bigger here?
--
With regards,
Łukasz Hejnak