
iptables problem. I need HELP!

PostPosted: Sat Sep 02, 2006 6:14 pm
by kid
Hi all. I'm using kernel 2.6.17.11 on my box with the grsecurity patch, and I need to set a limit on ssh connections to prevent sshd brute-forcing.
So, when i write these iptables rules:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j  DROP


my iptables rejects them all with the message: iptables: No chain/target/match by that name

root@l-box:~# iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables: No chain/target/match by that name
root@l-box:~# iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j  DROP
iptables: No chain/target/match by that name


How to fix this problem? Please help me.
Thanks!

PostPosted: Sat Sep 02, 2006 10:53 pm
by spender
Changes were made to netfilter in recent 2.6 kernels, so you'll need to go into the configuration and make sure that you have xtables support enabled, then go into the iptables configuration and make sure you have the "recent" module enabled, as well as connection tracking enabled. This isn't a grsecurity problem, just a problem with your kernel configuration.

-Brad
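
As an added example (not code from the thread, from grsecurity or from the iptables project), the check Brad describes written out as a small POSIX shell script: it reads a kernel .config and reports which of the options the two rules depend on are not built in or modular, checks the running kernel for the registered "state" and "recent" matches via /proc/net/ip_tables_matches, and prints the two rules in the order they have to be inserted. The Kconfig option names are assumed from mainline kernels of the 2.6.16 to 2.6.2x era; since the recent match was renamed from ipt_recent to xt_recent in that period, either spelling is accepted.

```shell
#!/bin/sh
# Added example, not code from the thread: check a kernel .config for the
# netfilter options the two "recent" rules need, check a running kernel for the
# registered matches, and print the rules. Option names follow mainline Kconfig
# of the 2.6.16-2.6.2x era (assumed from memory); where a match was renamed
# from ipt_* to xt_*, either spelling is accepted.

# One entry per requirement; alternatives within an entry are separated by '|'.
REQUIRED_OPTIONS="
CONFIG_NETFILTER
CONFIG_NETFILTER_XTABLES
CONFIG_IP_NF_IPTABLES
CONFIG_IP_NF_CONNTRACK|CONFIG_NF_CONNTRACK
CONFIG_NETFILTER_XT_MATCH_STATE|CONFIG_IP_NF_MATCH_STATE
CONFIG_NETFILTER_XT_MATCH_RECENT|CONFIG_IP_NF_MATCH_RECENT
"

# config_has "CONFIG TEXT" OPTION -> true if OPTION is built in (=y) or modular (=m)
config_has() {
    printf '%s\n' "$1" | grep -q "^$2=[ym]$"
}

# missing_options "CONFIG TEXT" -> prints one line per unmet requirement;
# returns 0 if everything is present, 1 otherwise
missing_options() {
    _cfg=$1
    _rc=0
    for _entry in $REQUIRED_OPTIONS; do
        _ok=0
        for _opt in $(printf '%s' "$_entry" | tr '|' ' '); do
            if config_has "$_cfg" "$_opt"; then _ok=1; fi
        done
        if [ "$_ok" -eq 0 ]; then
            echo "missing: $_entry"
            _rc=1
        fi
    done
    return $_rc
}

# live_matches_ok -> true if the running kernel has the xtables core loaded and
# the 'state' and 'recent' matches registered (if they are modular, modprobe
# ipt_recent or xt_recent and the state match first)
live_matches_ok() {
    _list=/proc/net/ip_tables_matches
    [ -r "$_list" ] || { echo "$_list missing: xtables core not loaded"; return 1; }
    for _name in state recent; do
        grep -qx "$_name" "$_list" || { echo "match '$_name' not registered"; return 1; }
    done
}

# recent_rules IFACE PORT SECONDS HITCOUNT -> prints the two rules. Because -I
# prepends, --set is inserted first and the DROP rule lands above it, so a new
# SYN is dropped once HITCOUNT attempts from the same source have been recorded
# within SECONDS, and is otherwise recorded by --set.
recent_rules() {
    echo "iptables -I INPUT -p tcp --dport $2 -i $1 -m state --state NEW -m recent --set"
    echo "iptables -I INPUT -p tcp --dport $2 -i $1 -m state --state NEW -m recent --update --seconds $3 --hitcount $4 -j DROP"
}

# Usage: sh check-recent.sh /boot/config-$(uname -r)
# (or: missing_options "$(zcat /proc/config.gz)" if CONFIG_IKCONFIG_PROC is set)
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    missing_options "$(cat "$1")" && live_matches_ok && recent_rules eth0 22 60 4
fi
```

The config check is the one that matters for the error in the first post: "No chain/target/match by that name" is what iptables prints when the kernel has no match registered under the name it asked for, which with a self-built kernel usually means the option was never enabled rather than that a module failed to load.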

PostPosted: Sun Sep 03, 2006 7:31 am
by kid
spender wrote:Changes were made to netfilter in recent 2.6 kernels, so you'll need to go into the configuration and make sure that you have xtables support enabled, then go into the iptables configuration and make sure you have the "recent" module enabled, as well as connection tracking enabled. This isn't a grsecurity problem, just a problem with your kernel configuration.

-Brad

Thank you so much spender!