[Users] iptables -m recent does not work in the container
Aleksandar Ivanisevic
aleksandar at ivanisevic.de
Tue Oct 14 05:17:31 EDT 2008
I'm trying to implement a simple defense against ssh brute force
attacks.
iptables -N SSH_Brute_Force
iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource -j SSH_Brute_Force
iptables -A SSH_Brute_Force -m recent ! --rcheck --seconds 60 --hitcount 2 --name SSH --rsource -j RETURN
iptables -A SSH_Brute_Force -p tcp -j DROP
This should allow only 1 SYN in 60 seconds to port 22, and it works
perfectly on the host, but not in a container.
Both are CentOS 5.2, fully patched, kernel 2.6.18-92.1.1.el5.028stab057.2PAE
In the syslog I see:
Oct 14 11:06:41 xxx modprobe: FATAL: Could not load /lib/modules/2.6.18-92.1.1.el5.028stab057.2PAE/modules.dep: No such file or directory
Looks like it's trying to load something, but shouldn't it use a module
in the host kernel instead?
Any ideas?
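A small Python model of how the posted rules behave, added here as an illustration and not part of the original message or of the kernel's xt_recent code: it approximates the --set and --rcheck semantics so that the first SSH SYN from an address is RETURNed to INPUT and any further SYN from it within 60 seconds is DROPped. The addresses and timings in the trace are constructed.

```python
"""Educational model of the posted '-m recent' SSH chain (not the kernel's xt_recent)."""
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # xt_recent default ip_pkt_list_tot: timestamps kept per address


class RecentTable:
    """One --name table: source address -> timestamps of recent packets."""

    def __init__(self):
        self.entries = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, src, now):
        """--set: create the entry if needed and record this packet's time."""
        self.entries[src].append(now)

    def rcheck(self, src, now, seconds, hitcount):
        """--rcheck --seconds S --hitcount N: match when the address has at least
        N recorded packets in the last S seconds; the entry is NOT refreshed."""
        if src not in self.entries:
            return False
        hits = sum(1 for t in self.entries[src] if now - t <= seconds)
        return hits >= hitcount


def ssh_syn_verdict(table, src, now):
    """Walk one new SYN to port 22 from `src` through INPUT -> SSH_Brute_Force."""
    table.set(src, now)  # INPUT rule: '-m recent --set --name SSH', then jump
    # SSH_Brute_Force rule 1: '! --rcheck --seconds 60 --hitcount 2 -j RETURN'
    # fires (and the packet goes back to INPUT) only when the check does NOT match.
    if not table.rcheck(src, now, seconds=60, hitcount=2):
        return "RETURN"
    return "DROP"  # SSH_Brute_Force rule 2: '-p tcp -j DROP'


def simulate(events):
    """events: iterable of (time_in_seconds, source_address). Returns the verdicts in order."""
    table = RecentTable()
    return [ssh_syn_verdict(table, src, t) for t, src in events]


if __name__ == "__main__":
    # Constructed trace: one client retries quickly, another connects once per minute.
    trace = [(0, "198.51.100.7"), (5, "198.51.100.7"), (30, "198.51.100.7"),
             (0, "203.0.113.9"), (61, "203.0.113.9")]
    for (t, src), verdict in zip(trace, simulate(trace)):
        print(f"t={t:>3}s {src:<14} -> {verdict}")
```

Because the INPUT rule adds a timestamp on every SYN, a source that keeps retrying at intervals shorter than 60 seconds stays dropped until it pauses for a full minute.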