iptables problem. I need HELP!


Postby kid » Sat Sep 02, 2006 6:14 pm

Hi all. I'm using kernel 2.6.17.11 on my box with the grsecurity patch, and I need to set a limit on SSH connections to prevent sshd brute-forcing.
So, when I write these iptables rules:
Code:
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j  DROP


my iptables rejects them all with the message "iptables: No chain/target/match by that name":

Code:
root@l-box:~# iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables: No chain/target/match by that name
root@l-box:~# iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j  DROP
iptables: No chain/target/match by that name


How do I fix this problem? Please help me.
Thanks!
kid
 
Posts: 8
Joined: Sat Sep 02, 2006 5:49 pm

Postby spender » Sat Sep 02, 2006 10:53 pm

Changes were made to netfilter in recent 2.6 kernels, so you'll need to go into the configuration and make sure that you have xtables support enabled, then go into the iptables configuration and make sure you have the "recent" module enabled, as well as connection tracking enabled. This isn't a grsecurity problem, just a problem with your kernel configuration.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
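
The kernel-configuration check described in the reply above, as an added example that is not part of the original thread: it reads a kernel .config and lists the options the two rules from the first post depend on that are not built. The option names are assumed to be the 2.6.17-era Kconfig symbols (later kernels rename some of them), and the sample config is constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Reads a kernel .config on stdin and lists
# the options the two SSH rate-limit rules need that are not built (=y or =m).
# Symbol names are assumed to be the 2.6.17-era ones; later kernels rename some.

# option|what in the rules depends on it
required_opts() {
cat <<'EOF'
CONFIG_NETFILTER_XTABLES|xtables core used by iptables matches
CONFIG_IP_NF_IPTABLES|iptables itself
CONFIG_IP_NF_FILTER|the filter table that holds INPUT
CONFIG_IP_NF_CONNTRACK|connection tracking behind --state NEW
CONFIG_NETFILTER_XT_MATCH_STATE|-m state
CONFIG_IP_NF_MATCH_RECENT|-m recent
EOF
}

# Prints one "OPTION (reason)" line per missing option; returns 1 if any is missing.
missing_netfilter_opts() {
    cfg=$(cat)
    rc=0
    while IFS='|' read -r opt why; do
        # "# CONFIG_X is not set" and absent lines both count as missing.
        if ! printf '%s\n' "$cfg" | grep -Eq "^${opt}=[ym]\$"; then
            printf '%s (%s)\n' "$opt" "$why"
            rc=1
        fi
    done <<EOF
$(required_opts)
EOF
    return $rc
}

# Constructed sample .config fragment: everything present except the recent match.
sample_config() {
cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
# CONFIG_IP_NF_MATCH_RECENT is not set
EOF
}

sample_config | missing_netfilter_opts || echo "rebuild the kernel with the options listed above"
```

On a real system the input would be the .config in the kernel source tree, or the decompressed /proc/config.gz where the kernel exposes it.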

Postby kid » Sun Sep 03, 2006 7:31 am

spender wrote: Changes were made to netfilter in recent 2.6 kernels, so you'll need to go into the configuration and make sure that you have xtables support enabled, then go into the iptables configuration and make sure you have the "recent" module enabled, as well as connection tracking enabled. This isn't a grsecurity problem, just a problem with your kernel configuration.

-Brad

Thank you so much spender!
kid
 
Posts: 8
Joined: Sat Sep 02, 2006 5:49 pm

