Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Rate limit SSH with iptables
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Rate limit SSH with iptables

DeorDeor Member
edited August 2011 in General

So i noticed that i get a lot of attacks against SSH on my various VPS's, hundreds of invalid user attempts being logged. I use public/private key rather than password authentication so im not too worried about the security side of things, but id like to block the IP's of these idiots anyway.

Ive found reference to doing this with iptables and ive tried a few variations of these commands.

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent  --update --seconds 60 --hitcount 4 -j DROP

I change eth0 to venet0, but it doesnt like it and i get an error saying "iptables: No chain/target/match by that name."
Im still getting the hang of linux and as such im using Firehol to configure my iptables, but i should still be able to poke at it directly shouldnt i? Where am i going wrong?


  • Most likely the "recent" or "state" module wasn't built for iptable. Ask your providers to have them installed.

    Thanked by 2Deor Asim
  • DeorDeor Member
    edited August 2011

    Thanks, will look into it!

    This is something the provider would have to do rather than something i do when installing iptables then?

  • DeorDeor Member

    Ok so cat /proc/net/ip_tables_matches shows a bunch of stuff including 'state' so i guess i need 'recent' and im good to go. Hopefully Mr Todd is feeling charitable ;)

  • Yes, the module needs to be enabled on the host node by the provider.

    Thanked by 2Deor Asim
Sign In or Register to comment.