
I'm trying to set up a webserver using an Odroid U3; as OS I have Debian 7.4. The issue came when trying to load the iptables rules with iptables-persistent. I'm using the same file with rules I've been using for some time, but for some reason now it refuses to work (I have another server with Odroid U2 and Debian 7 and it works fine).

iptables-restore gives a failure message on the line with the COMMIT.

I've isolated the problem to the ssh brute force prevention part. When trying to add those rules manually I get "iptables: No chain/target/match by that name." Here are the rules:

    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT DROP [8:1088]
    -A INPUT -i eth0 -p tcp -m multiport --dports 67,80,465 -m state --state NEW,ESTABLISHED -j ACCEPT
    -A INPUT -i eth0 -p tcp -m multiport --sports 67,80,465 -m state --state ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i eth0 -p udp -m udp --sport 53 -j ACCEPT
    -A OUTPUT -o eth0 -p tcp -m multiport --sports 22,67,80,465 -m state --state ESTABLISHED -j ACCEPT
    -A OUTPUT -o eth0 -p tcp -m multiport --dports 67,80,465 -m state --state NEW,ESTABLISHED -j ACCEPT
    -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    -A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A OUTPUT -o lo -j ACCEPT
    -A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT

    -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
    -A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 30 --hitcount 4 --rttl --name SSH --rsource -j REJECT --reject-with tcp-reset
    -A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 30 --hitcount 3 --rttl --name SSH --rsource -j LOG --log-prefix "SSH brute force "
    -A INPUT -p tcp -m tcp --dport 22 -m recent --update --seconds 30 --hitcount 3 --rttl --name SSH --rsource -j REJECT --reject-with tcp-reset
    -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

    -A OUTPUT -p udp --dport 123 -j ACCEPT
    -A INPUT -p udp --sport 123 -j ACCEPT
    COMMIT

What am I missing?

Thank you in advance

1 Answer


Got it figured out!

On my other machines I had Debian Wheezy and the armhf version of the iptables package was 1.4.14.

The current system is Debian Jessie where the version is 1.4.21 (latest).

Somewhere along the line the --set (and from the looks of it the whole "recent" part) has been dropped.

Will need another way to prevent brute forcing...

  • fail2ban may be of help
    – kostix
    Commented Jan 26, 2015 at 15:39
  • ...and what happens if you do find /lib/modules/ -type f -name '*recent*' -print ? Does it find a module named xt_recent.ko? I'd say the stock Jessie kernel for armhf does have this module.
    – kostix
    Commented Jan 26, 2015 at 15:41
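The following is an added example, not code from the question, the answer or the iptables project. It parses the SSH rules from the question in iptables-save form, lists which of them depend on the `recent` match (the rules that cannot load when the xt_recent kernel module the comment above asks about is missing), and replays a constructed series of connection attempts through the chain to show which attempts the `--set` / `--rcheck` / `--update` combination logs and rejects. The 30-second window and hit counts follow the rules as posted; the `--rttl` TTL comparison and the kernel's per-address cap on stored timestamps are left out, and the source addresses and timestamps are constructed.

```python
"""Model of the iptables `recent` match used in the question's SSH rules.

Added example (not from the question or the answer). Simplifications:
`--rttl` is ignored and the kernel's per-address stamp limit is not modelled.
"""
import shlex
from collections import defaultdict

# The SSH rules from the question, one rule per line.
SSH_RULES = """
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
-A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 30 --hitcount 4 --rttl --name SSH --rsource -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 30 --hitcount 3 --rttl --name SSH --rsource -j LOG --log-prefix "SSH brute force "
-A INPUT -p tcp -m tcp --dport 22 -m recent --update --seconds 30 --hitcount 3 --rttl --name SSH --rsource -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""


def parse_rules(text):
    """Split iptables-save rule lines into chain, `-m` match names, target and raw tokens."""
    rules = []
    for line in text.strip().splitlines():
        tokens = shlex.split(line)
        if not tokens or tokens[0] not in ("-A", "-I"):
            continue
        rule = {"chain": tokens[1], "matches": [], "target": None, "tokens": tokens}
        for i, tok in enumerate(tokens):
            if tok == "-m":
                rule["matches"].append(tokens[i + 1])
            elif tok == "-j":
                rule["target"] = tokens[i + 1]
        rules.append(rule)
    return rules


def rules_using_match(text, name):
    """Rules that need the `name` match extension; for 'recent' these are the
    rules that fail to load when the xt_recent module is unavailable."""
    return [r for r in parse_rules(text) if name in r["matches"]]


def _opt(tokens, flag, default=None):
    return tokens[tokens.index(flag) + 1] if flag in tokens else default


class RecentTable:
    """Per-source list of hit timestamps, like one xt_recent list (`--name`)."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def hits_in_window(self, src, now, seconds):
        # seconds == 0 means no window: every stored stamp counts
        return sum(1 for t in self.stamps.get(src, ()) if not seconds or now - t <= seconds)

    def evaluate(self, tokens, src, now):
        """Apply one `-m recent` rule to a packet; return True if it matches."""
        hitcount = int(_opt(tokens, "--hitcount", 1))
        seconds = int(_opt(tokens, "--seconds", 0))
        if "--set" in tokens:
            self.stamps[src].append(now)  # record the attempt; --set always matches
            return True
        if not self.stamps.get(src):
            return False  # --rcheck/--update never match an unknown source
        matched = self.hits_in_window(src, now, seconds) >= hitcount
        if matched and "--update" in tokens:
            self.stamps[src].append(now)  # --update refreshes the entry on match
        return matched


def simulate(text, attempts):
    """Replay NEW SSH connection attempts [(time, src), ...] through the chain.

    Returns one (verdict, logged) pair per attempt: verdict is the terminating
    target, logged is True when the LOG rule fired for that attempt.
    """
    rules = parse_rules(text)
    tables = defaultdict(RecentTable)  # one table per --name list
    results = []
    for now, src in attempts:
        logged = False
        verdict = "DROP"  # the INPUT policy of the question's ruleset
        for rule in rules:
            tokens = rule["tokens"]
            if "recent" in rule["matches"]:
                table = tables[_opt(tokens, "--name", "DEFAULT")]
                if not table.evaluate(tokens, src, now):
                    continue
            if rule["target"] == "LOG":
                logged = True  # LOG is non-terminating; keep walking the chain
                continue
            if rule["target"] in ("ACCEPT", "REJECT", "DROP"):
                verdict = rule["target"]
                break
        results.append((verdict, logged))
    return results


if __name__ == "__main__":
    src = "198.51.100.7"  # constructed sample address
    for (t, _), (v, log) in zip([(0, src), (5, src), (10, src), (15, src), (50, src)],
                                simulate(SSH_RULES, [(0, src), (5, src), (10, src), (15, src), (50, src)])):
        print(f"t={t:>3}s {v}{'  (logged)' if log else ''}")
```

Replaying five attempts from one address at 0, 5, 10, 15 and 50 seconds, the third attempt within the 30-second window is logged and rejected by the `--update --hitcount 3` rule, the fourth is rejected by the `--rcheck --hitcount 4` rule, and the attempt at 50 seconds is accepted again because only one stamp is still inside the window; attempts from a different address are tracked separately.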
