recent match in SSH chain not working
From: Tim Fenn @ 2005-12-04 9:59 UTC
To: netfilter
I'm using a variant of Grant Taylor's SSH brute force chain table in
my firewall script, but I'm having a bit of trouble. I first define a
SSH chain as:
/sbin/iptables -N SSH
/sbin/iptables -F SSH
/sbin/iptables -A SSH -m recent --name SSH --set --rsource
/sbin/iptables -A SSH -i ${IFint} -j RETURN
/sbin/iptables -A SSH -m recent ! --rcheck --seconds 60 --hitcount 3 --name SSH --rsource -j RETURN
/sbin/iptables -A SSH -j DUMP
(IFint is a trusted, internal network) and then a jump to the chain in
my INPUT rules:
/sbin/iptables -A INPUT -p tcp -i ${IFext} --dport ssh -m state --state NEW -j SSH
/sbin/iptables -A INPUT -p tcp -i ${IFext} --dport ssh -j ACCEPT
The jump to the SSH chain works fine, and I notice the recent list
being created correctly in /proc/net/ipt_recent/SSH. However, the
rule:
/sbin/iptables -A SSH -m recent ! --rcheck --seconds 60 --hitcount 3 --name SSH --rsource -j RETURN
never matches any packets, and thus any connection from outside my
trusted network fails. Strangely, this rule *worked* for a while, and
only recently stopped allowing outside SSH connections, for reasons
I'm completely mystified by - my only guess is a recent upgrade borked
something, or I'm missing something obvious in the above ruleset. Any
help/pointers would be greatly appreciated.
If it's of any help, I'm using iptables 1.3.0 on a 2.6.12 kernel.
Regards,
Tim
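A small Python model of what the SSH chain in the message above is intended to do, added here as an illustration (it is not part of Tim's post and not iptables code): every NEW SSH connection is recorded with --set, traffic from the internal interface returns unconditionally, and an external source is handed to DUMP once it has three hits within 60 seconds. Interface names, addresses and timestamps are constructed sample values.

```python
from collections import defaultdict

HITCOUNT = 3      # --hitcount 3
SECONDS = 60      # --seconds 60
IFINT = "eth1"    # constructed: stands in for ${IFint}
LIST_TOT = 20     # ipt_recent default number of hits kept per address


class RecentList:
    """Minimal model of one ipt_recent list keyed by source address (--rsource)."""

    def __init__(self):
        self.hits = defaultdict(list)   # src -> timestamps of recorded hits

    def set(self, src, now):
        """--set: record another hit for src, keeping only the newest LIST_TOT."""
        stamps = self.hits[src]
        stamps.append(now)
        if len(stamps) > LIST_TOT:
            del stamps[0]

    def rcheck(self, src, now, seconds, hitcount):
        """--rcheck: true if src has >= hitcount hits within the last `seconds`."""
        if src not in self.hits:
            return False
        recent = [t for t in self.hits[src] if now - t <= seconds]
        return len(recent) >= hitcount


def ssh_chain(lst, src, iface, now):
    """Evaluate the chain for one NEW SSH packet; 'RETURN' means accepted."""
    lst.set(src, now)                                   # -m recent --set --rsource
    if iface == IFINT:                                  # -i ${IFint} -j RETURN
        return "RETURN"
    if not lst.rcheck(src, now, SECONDS, HITCOUNT):     # ! --rcheck ... -j RETURN
        return "RETURN"
    return "DUMP"                                       # -j DUMP


def simulate(events):
    """events: (time, src, iface) in arrival order; returns the verdict per packet."""
    lst = RecentList()
    return [ssh_chain(lst, src, iface, t) for (t, src, iface) in events]


# Constructed sample: an outside host opens 4 connections in 30 s, then one more later;
# an inside host opens 4 connections in 4 s.
EVENTS = [(0, "203.0.113.5", "eth0"), (10, "203.0.113.5", "eth0"),
          (20, "203.0.113.5", "eth0"), (30, "203.0.113.5", "eth0"),
          (40, "10.0.0.7", "eth1"), (41, "10.0.0.7", "eth1"),
          (42, "10.0.0.7", "eth1"), (43, "10.0.0.7", "eth1"),
          (100, "203.0.113.5", "eth0")]
```

With these inputs the third and fourth outside connections are dumped, the internal host is never throttled, and the outside host is accepted again at t=100 once its earlier hits fall outside the 60-second window.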