[Users] iptables -m recent does not work in the container

Aleksandar Ivanisevic aleksandar at ivanisevic.de
Tue Oct 14 05:17:31 EDT 2008


I'm trying to implement a simple defense against ssh brute force
attacks.

iptables -N SSH_Brute_Force
iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource -j SSH_Brute_Force
iptables -A SSH_Brute_Force -m recent ! --rcheck --seconds 60 --hitcount 2 --name SSH --rsource -j RETURN
iptables -A SSH_Brute_Force -p tcp -j DROP

This should allow only 1 SYN in 60 seconds to port 22, and it works
perfectly on the host, but not in a container.

Both are CentOS 5.2, fully patched, kernel 2.6.18-92.1.1.el5.028stab057.2PAE

In the syslog I see:

Oct 14 11:06:41 xxx modprobe: FATAL: Could not load /lib/modules/2.6.18-92.1.1.el5.028stab057.2PAE/modules.dep: No such file or directory

Looks like it's trying to load something, but shouldn't it use a module
in the host kernel instead?

Any ideas?
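As an added illustration (not part of the original post), here is a small Python model of how the ruleset above is understood to treat each new SYN from one source: the INPUT rule records a stamp with --set, then the chain RETURNs only while fewer than --hitcount stamps fall inside the --seconds window. The window semantics, the 20-stamp list limit and the sample addresses are assumptions made for the model, not taken from the post.

```python
# Added example: model of the "--set" / "! --rcheck --seconds 60 --hitcount 2"
# pair from the ruleset above, applied to a constructed SYN sequence.
# ASSUMPTION: the recent match counts the stamps of the source address that
# fall inside the last `seconds` and matches once that count reaches
# `hitcount`; the stamp is recorded before SSH_Brute_Force runs.
from collections import defaultdict
from typing import Dict, List, Tuple

SECONDS = 60   # --seconds 60
HITCOUNT = 2   # --hitcount 2


class RecentTable:
    """One named recent list (the "SSH" list), keyed by source address."""

    def __init__(self, max_stamps: int = 20) -> None:
        self.entries: Dict[str, List[float]] = defaultdict(list)
        self.max_stamps = max_stamps  # assumed default list length per address

    def set(self, src: str, now: float) -> None:
        stamps = self.entries[src]
        stamps.append(now)
        if len(stamps) > self.max_stamps:
            del stamps[0]  # oldest stamp is discarded

    def rcheck(self, src: str, now: float, seconds: int, hitcount: int) -> bool:
        """True when at least `hitcount` stamps of src lie within `seconds`."""
        hits = sum(1 for t in self.entries.get(src, []) if now - t <= seconds)
        return hits >= hitcount


def decide_syn(table: RecentTable, src: str, now: float) -> str:
    table.set(src, now)  # INPUT: NEW tcp/22 -> --set --name SSH --rsource
    if not table.rcheck(src, now, SECONDS, HITCOUNT):
        return "RETURN"  # SSH_Brute_Force: ! --rcheck ... -j RETURN
    return "DROP"        # SSH_Brute_Force: -p tcp -j DROP


def simulate(events: List[Tuple[float, str]]) -> List[str]:
    """events: (time_in_seconds, source) in time order; returns verdicts."""
    table = RecentTable()
    return [decide_syn(table, src, t) for t, src in events]


if __name__ == "__main__":
    # Constructed sample: 10.0.0.5 keeps retrying, 10.0.0.9 connects once.
    sample = [(0, "10.0.0.5"), (10, "10.0.0.5"), (10, "10.0.0.9"),
              (65, "10.0.0.5"), (200, "10.0.0.5")]
    for (t, src), verdict in zip(sample, simulate(sample)):
        print(f"t={t:>4}s {src}: {verdict}")
```

Note that the retry at t=65 is still dropped: the dropped SYN at t=10 was itself recorded by --set, so every retry inside the window extends the block until the client stays quiet for a full 60 seconds.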
