From: Kari M. <kar...@tr...> - 2007-03-04 14:08:16
Vesselin Kostadinov wrote:
> Sorry to bother you again with this, but libipt_recent.so is not there despite
> the announced "addition of missing iptables modules". The problem was
> introduced in 1.2.12.
>
> To reproduce it, execute:
>
> #/sbin/modprobe ipt_recent
> #iptables -A INPUT -p tcp --dport 22 -m recent --set --name SSH
>
> (the last command is just to illustrate the problem; it is not part of the
> normal firewall script)

I'm not commenting on the problem here, but on a possible enhancement for the
default firewall script of DL. See below:

# Rate limit ssh connection attempts to 3 per 5 minutes per IP.
iptables -A INPUT -p tcp --dport 22 -i eth0 -m state \
  --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -i eth0 -m state \
  --state NEW -m recent --update --seconds 300 --hitcount 3 -j DROP

This one does not create an additional queue like most other solutions for
this common problem. I've found these 2 lines at the end of the firewall
script to be rather effective, yet problemless. No more brute-force-attack
trash in ssh log files. You might want to increase 300 seconds to 1800 for
30 minutes.

..and yes, the 2 lines above require a working ipt_recent.

> The error message is:
>
> iptables v1.3.7: Couldn't load match
> `recent':/usr/lib/iptables/libipt_recent.so: cannot open shared object file:
> No such file or directory
>
> Note that the actual kernel module ipt_recent is there:
>
> /lib/modules/2.4.34-grsec/kernel/net/ipv4/netfilter/ipt_recent.o
>
> The missing file seems to be a library that is needed by this module.
>
>
> Regards
>
> Vesselin
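As an added illustration (not part of this thread or of the DL firewall script), here is a small Python model of what the two `recent` rules above decide for a sequence of NEW SSH packets. The source addresses and timings are constructed, and the per-address ring size is assumed to be the module's default ip_pkt_list_tot of 20.

```python
"""Model of the netfilter `recent` match as used by Kari's two rules.

Rule 1 (--set) stamps every NEW SSH packet from a source; rule 2
(--update --seconds 300 --hitcount 3) drops the packet when that source
already has 3 or more stamps inside the window and, on a match, records
a fresh stamp.  State is a per-address ring of timestamps (ip_pkt_list_tot
entries, assumed here to be the default of 20).
"""
from collections import deque

PKT_LIST_TOT = 20  # assumed default size of the per-address timestamp ring


class RecentTable:
    """One list of the `recent` match (the rules above use DEFAULT)."""

    def __init__(self, size=PKT_LIST_TOT):
        self.stamps = {}  # source address -> deque of timestamps, oldest first
        self.size = size

    def set(self, src, now):
        """--set: add the address if new and record this packet's time."""
        self.stamps.setdefault(src, deque(maxlen=self.size)).append(now)

    def update(self, src, now, seconds, hitcount):
        """--update: match if the address is listed and at least `hitcount`
        stamps fall inside the last `seconds`; a match also adds a stamp."""
        ring = self.stamps.get(src)
        if ring is None:
            return False
        hits = sum(1 for t in ring if now - t <= seconds)
        if hits >= hitcount:
            ring.append(now)
            return True
        return False


def decide(table, src, now, seconds=300, hitcount=3):
    """One NEW SSH packet through both rules; ACCEPT = falls through."""
    table.set(src, now)                             # rule 1 always matches
    if table.update(src, now, seconds, hitcount):   # rule 2 has -j DROP
        return "DROP"
    return "ACCEPT"


def simulate(events, seconds=300, hitcount=3):
    """events: (source address, time in seconds) pairs in arrival order."""
    table = RecentTable()
    return [decide(table, src, t, seconds, hitcount) for src, t in events]
```

Running `simulate` on a source that retries at t=0, 10, 20, 200 and 400 seconds gives ACCEPT, ACCEPT, DROP, DROP, DROP: because rule 1 stamps the dropped attempts too, a source that keeps retrying stays blocked until it has been quiet for the full window, while a source that waits 300 seconds is accepted again.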