iptables: No chain/target/match by that name - adding SSH ATTACK rule2019 Community Moderator ElectionUnable to make outbound SNMP connections when IPTables is enabledIptables: matching outgoing traffic with conntrack and owner. Works with strange dropsTPROXY for redirecting UDP on arbitrary portsiptables, what is truly open?Confusion about interfaces, iptables, connections, local connectionCONFIG_NF_CONNTRACK is not setHow to create/setup vpn using only SSH?iptables - 2 Internetprovider - routingConflict between wlan and ethernet boardHow to implement iptables on lxc-container?

Why Shazam when there is already Superman?

Why is this estimator biased?

putting logo on same line but after title, latex

Picking the different solutions to the time independent Schrodinger eqaution

Is there an injective, monotonically increasing, strictly concave function from the reals, to the reals?

What does chmod -u do?

How much character growth crosses the line into breaking the character

Why is the "ls" command showing permissions of files in a FAT32 partition?

Strong empirical falsification of quantum mechanics based on vacuum energy density

Why is it that I can sometimes guess the next note?

Does Doodling or Improvising on the Piano Have Any Benefits?

What is going on with 'gets(stdin)' on the site coderbyte?

Plot of a tornado-shaped surface

Do the primes contain an infinite almost arithmetic progression?

Can I visit Japan without a visa?

Creepy dinosaur pc game identification

Does the Linux kernel need a file system to run?

Can a Canadian Travel to the USA twice, less than 180 days each time?

Is aluminum electrical wire used on aircraft?

Biological Blimps: Propulsion

What is the highest possible scrabble score for placing a single tile

Why can Carol Danvers change her suit colours in the first place?

How to fade a semiplane defined by line?

It grows, but water kills it



iptables: No chain/target/match by that name - adding SSH ATTACK rule



2019 Community Moderator ElectionUnable to make outbound SNMP connections when IPTables is enabledIptables: matching outgoing traffic with conntrack and owner. Works with strange dropsTPROXY for redirecting UDP on arbitrary portsiptables, what is truly open?Confusion about interfaces, iptables, connections, local connectionCONFIG_NF_CONNTRACK is not setHow to create/setup vpn using only SSH?iptables - 2 Internetprovider - routingConflict between wlan and ethernet boardHow to implement iptables on lxc-container?










2















I have a problem with adding rule against brute-force SSH attacks. I try to do it in the following way:



iptables -F
iptables -L
iptables -N SSHATTACK
iptables -A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
iptables -A SSHATTACK -j DROP
#Block each IP address for 120 seconds which establishe more than three connections within 120 seconds. In case of the forth connection attempt, the request gets delegated to the SSHATTACK chain, which is responsible for logging the possible ssh attack and finally drops the request.
iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --set
iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK


But I have a problem with these two lines:



iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --set
iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK


Output after this command is 



iptables: No chain/target/match by that name.


iptables -L gives the following output:



Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain SSHATTACK (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level debug prefix `Possible SSH attack! '
DROP all -- anywhere anywhere


and iptables -S gives:



-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N SSHATTACK
-A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
-A SSHATTACK -j DROP


ip add gives (I've hiden IP adress with '?'):



1 lo LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue state UNKNOWN
 linkloopback 000000000000 brd 000000000000
 inet 127.0.0.18 scope host lo
 inet6 1128 scope host
 valid_lft forever preferred_lft forever
2 venet0 BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN
 linkvoid
 inet 127.0.0.132 scope host venet0
 inet ?.?.?.24820 brd ?.?.?.255 scope global venet00


What can I do to add this rule? What am I missing?






ssh iptables ip internet







share|improve this question
















bumped to the homepage by Community yesterday


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.



















    2















    I have a problem with adding rule against brute-force SSH attacks. I try to do it in the following way:



    iptables -F
    iptables -L
    iptables -N SSHATTACK
    iptables -A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
    iptables -A SSHATTACK -j DROP
    #Block each IP address for 120 seconds which establishe more than three connections within 120 seconds. In case of the forth connection attempt, the request gets delegated to the SSHATTACK chain, which is responsible for logging the possible ssh attack and finally drops the request.
    iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --set
    iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK


    But I have a problem with these two lines:



    iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --set
    iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK


    Output after this command is 



    iptables: No chain/target/match by that name.


    iptables -L gives the following output:



    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain SSHATTACK (0 references)
    target prot opt source destination
    LOG all -- anywhere anywhere LOG level debug prefix `Possible SSH attack! '
    DROP all -- anywhere anywhere


    and iptables -S gives:



    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -N SSHATTACK
    -A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
    -A SSHATTACK -j DROP


    ip add gives (I've hiden IP adress with '?'):



    1 lo LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue state UNKNOWN
     linkloopback 000000000000 brd 000000000000
     inet 127.0.0.18 scope host lo
     inet6 1128 scope host
     valid_lft forever preferred_lft forever
    2 venet0 BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN
     linkvoid
     inet 127.0.0.132 scope host venet0
     inet ?.?.?.24820 brd ?.?.?.255 scope global venet00


    What can I do to add this rule? What am I missing?






    ssh iptables ip internet







    share|improve this question
















    bumped to the homepage by Community yesterday


    This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

















      2












      2








      2








      I have a problem with adding rule against brute-force SSH attacks. I try to do it in the following way:



      iptables -F
      iptables -L
      iptables -N SSHATTACK
      iptables -A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
      iptables -A SSHATTACK -j DROP
      #Block each IP address for 120 seconds which establishe more than three connections within 120 seconds. In case of the forth connection attempt, the request gets delegated to the SSHATTACK chain, which is responsible for logging the possible ssh attack and finally drops the request.
      iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --set
      iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK


      But I have a problem with these two lines:



      iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --set
      iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK


      Output after this command is 



      iptables: No chain/target/match by that name.


      iptables -L gives the following output:



      Chain INPUT (policy ACCEPT)
      target prot opt source destination

      Chain FORWARD (policy ACCEPT)
      target prot opt source destination

      Chain OUTPUT (policy ACCEPT)
      target prot opt source destination

      Chain SSHATTACK (0 references)
      target prot opt source destination
      LOG all -- anywhere anywhere LOG level debug prefix `Possible SSH attack! '
      DROP all -- anywhere anywhere


      and iptables -S gives:



      -P INPUT ACCEPT
      -P FORWARD ACCEPT
      -P OUTPUT ACCEPT
      -N SSHATTACK
      -A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
      -A SSHATTACK -j DROP


      ip add gives (I've hiden IP adress with '?'):



      1 lo LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue state UNKNOWN
       linkloopback 000000000000 brd 000000000000
       inet 127.0.0.18 scope host lo
       inet6 1128 scope host
       valid_lft forever preferred_lft forever
      2 venet0 BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN
       linkvoid
       inet 127.0.0.132 scope host venet0
       inet ?.?.?.24820 brd ?.?.?.255 scope global venet00


      What can I do to add this rule? What am I missing?






      ssh iptables ip internet







      share|improve this question
















      I have a problem with adding rule against brute-force SSH attacks. I try to do it in the following way:



      iptables -F
      iptables -L
      iptables -N SSHATTACK
      iptables -A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
      iptables -A SSHATTACK -j DROP
      #Block each IP address for 120 seconds which establishe more than three connections within 120 seconds. In case of the forth connection attempt, the request gets delegated to the SSHATTACK chain, which is responsible for logging the possible ssh attack and finally drops the request.
      iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --set
      iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK


      But I have a problem with these two lines:



      iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --set
      iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK


      Output after this command is 



      iptables: No chain/target/match by that name.


      iptables -L gives the following output:



      Chain INPUT (policy ACCEPT)
      target prot opt source destination

      Chain FORWARD (policy ACCEPT)
      target prot opt source destination

      Chain OUTPUT (policy ACCEPT)
      target prot opt source destination

      Chain SSHATTACK (0 references)
      target prot opt source destination
      LOG all -- anywhere anywhere LOG level debug prefix `Possible SSH attack! '
      DROP all -- anywhere anywhere


      and iptables -S gives:



      -P INPUT ACCEPT
      -P FORWARD ACCEPT
      -P OUTPUT ACCEPT
      -N SSHATTACK
      -A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
      -A SSHATTACK -j DROP


      ip add gives (I've hiden IP adress with '?'):



      1 lo LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue state UNKNOWN
       linkloopback 000000000000 brd 000000000000
       inet 127.0.0.18 scope host lo
       inet6 1128 scope host
       valid_lft forever preferred_lft forever
      2 venet0 BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN
       linkvoid
       inet 127.0.0.132 scope host venet0
       inet ?.?.?.24820 brd ?.?.?.255 scope global venet00


      What can I do to add this rule? What am I missing?






      ssh iptables ip internet




      ssh iptables ip internet






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Dec 7 '15 at 14:47







      michalsol

















      asked Nov 30 '15 at 17:04









      michalsolmichalsol

      1113




      1113





      bumped to the homepage by Community yesterday


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







      bumped to the homepage by Community yesterday


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.






















          3 Answers
          3






          active

          oldest

          votes


















          0














          The --dport parameter doesn't belong inside the state match. Try:



          iptables -A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW -m recent --set





          share|improve this answer

























          • Unfortunately, it doesn't work either. I got the same error.

            – michalsol
            Nov 30 '15 at 22:41











          • Works for me. Can you add any entries to the INPUT table for that interface? Post interface info (ip add).

            – Richard Doyle
            Dec 1 '15 at 2:37











          • Sorry for the delay. I don't know how to check other entries, do you have any sample input? This is production server, so I don't want to brake anything :) My question is edited (I've add ip add output).

            – michalsol
            Dec 7 '15 at 14:45



















          0















          What am I missing?




          You could reduce your own ruleset's complexity and allow something like fail2ban to manage it for you. Available in a CentOS 7 package repository near you, or downloadable via EPEL on CentOS 6.



          Fail2ban has rules ready made for blocking ssh attacks, and there are a couple of tutorials here or here.






          share|improve this answer























          • I've just tried it but it doesn't seem to work. There is a new entry in iptables -L, but when I keep trying to log in with wrong passwords I don't get banned

            – michalsol
            Nov 30 '15 at 23:05











          • @michalsol you enabled the ssh rule in fail2ban's configuration as per the instructions, and restarted the daemon? You should see information in /var/log/fail2ban.log

            – roaima
            Dec 1 '15 at 12:52











          • Yes, I've done everything according to tutorial. In log file I just see that it has started but no info about blocking

            – michalsol
            Dec 7 '15 at 15:09











          • @michalsol you have the fail2ban daemon running, and in /etc/fail2ban/jail.local you have a section for ssh that includes enabled = true?

            – roaima
            Dec 7 '15 at 15:15











          • Yes, enabled=true is set, and I've started fail2ban using 'sudo service fail2ban restart'

            – michalsol
            Dec 7 '15 at 15:38


















          0














          This is an old thread, but if anyone gets here this might help (solved for me).



          The issue is a missing kernel driver. After adding




          CONFIG_NETFILTER_XT_MATCH_RECENT=y




          to the kernel config and recompiling it, the problem was solved.
          You can also add it as a module (=m) and insmod it at runtime



          good luck!






          share|improve this answer






















            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f246450%2fiptables-no-chain-target-match-by-that-name-adding-ssh-attack-rule%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            3 Answers
            3






            active

            oldest

            votes








            3 Answers
            3






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            The --dport parameter doesn't belong inside the state match. Try:



            iptables -A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW -m recent --set





            share|improve this answer

























            • Unfortunately, it doesn't work either. I got the same error.

              – michalsol
              Nov 30 '15 at 22:41











            • Works for me. Can you add any entries to the INPUT table for that interface? Post interface info (ip add).

              – Richard Doyle
              Dec 1 '15 at 2:37











            • Sorry for the delay. I don't know how to check other entries, do you have any sample input? This is production server, so I don't want to brake anything :) My question is edited (I've add ip add output).

              – michalsol
              Dec 7 '15 at 14:45
















            0














            The --dport parameter doesn't belong inside the state match. Try:



            iptables -A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW -m recent --set





            share|improve this answer

























            • Unfortunately, it doesn't work either. I got the same error.

              – michalsol
              Nov 30 '15 at 22:41











            • Works for me. Can you add any entries to the INPUT table for that interface? Post interface info (ip add).

              – Richard Doyle
              Dec 1 '15 at 2:37











            • Sorry for the delay. I don't know how to check other entries, do you have any sample input? This is production server, so I don't want to brake anything :) My question is edited (I've add ip add output).

              – michalsol
              Dec 7 '15 at 14:45














            0












            0








            0







            The --dport parameter doesn't belong inside the state match. Try:



            iptables -A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW -m recent --set





            share|improve this answer















            The --dport parameter doesn't belong inside the state match. Try:



            iptables -A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW -m recent --set






            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Nov 30 '15 at 21:43









            roaima

            45.8k758124




            45.8k758124










            answered Nov 30 '15 at 21:22









            Richard DoyleRichard Doyle

            1




            1












            • Unfortunately, it doesn't work either. I got the same error.

              – michalsol
              Nov 30 '15 at 22:41











            • Works for me. Can you add any entries to the INPUT table for that interface? Post interface info (ip add).

              – Richard Doyle
              Dec 1 '15 at 2:37











            • Sorry for the delay. I don't know how to check other entries, do you have any sample input? This is production server, so I don't want to brake anything :) My question is edited (I've add ip add output).

              – michalsol
              Dec 7 '15 at 14:45


















            • Unfortunately, it doesn't work either. I got the same error.

              – michalsol
              Nov 30 '15 at 22:41











            • Works for me. Can you add any entries to the INPUT table for that interface? Post interface info (ip add).

              – Richard Doyle
              Dec 1 '15 at 2:37











            • Sorry for the delay. I don't know how to check other entries, do you have any sample input? This is production server, so I don't want to brake anything :) My question is edited (I've add ip add output).

              – michalsol
              Dec 7 '15 at 14:45

















            Unfortunately, it doesn't work either. I got the same error.

            – michalsol
            Nov 30 '15 at 22:41





            Unfortunately, it doesn't work either. I got the same error.

            – michalsol
            Nov 30 '15 at 22:41













            Works for me. Can you add any entries to the INPUT table for that interface? Post interface info (ip add).

            – Richard Doyle
            Dec 1 '15 at 2:37





            Works for me. Can you add any entries to the INPUT table for that interface? Post interface info (ip add).

            – Richard Doyle
            Dec 1 '15 at 2:37













            Sorry for the delay. I don't know how to check other entries, do you have any sample input? This is production server, so I don't want to brake anything :) My question is edited (I've add ip add output).

            – michalsol
            Dec 7 '15 at 14:45






            Sorry for the delay. I don't know how to check other entries, do you have any sample input? This is production server, so I don't want to brake anything :) My question is edited (I've add ip add output).

            – michalsol
            Dec 7 '15 at 14:45














            0















            What am I missing?




            You could reduce your own ruleset's complexity and allow something like fail2ban to manage it for you. Available in a CentOS 7 package repository near you, or downloadable via EPEL on CentOS 6.



            Fail2ban has rules ready made for blocking ssh attacks, and there are a couple of tutorials here or here.






            share|improve this answer























            • I've just tried it but it doesn't seem to work. There is a new entry in iptables -L, but when I keep trying to log in with wrong passwords I don't get banned

              – michalsol
              Nov 30 '15 at 23:05











            • @michalsol you enabled the ssh rule in fail2ban's configuration as per the instructions, and restarted the daemon? You should see information in /var/log/fail2ban.log

              – roaima
              Dec 1 '15 at 12:52











            • Yes, I've done everything according to tutorial. In log file I just see that it has started but no info about blocking

              – michalsol
              Dec 7 '15 at 15:09











            • @michalsol you have the fail2ban daemon running, and in /etc/fail2ban/jail.local you have a section for ssh that includes enabled = true?

              – roaima
              Dec 7 '15 at 15:15











            • Yes, enabled=true is set, and I've started fail2ban using 'sudo service fail2ban restart'

              – michalsol
              Dec 7 '15 at 15:38















            0















            What am I missing?




            You could reduce your own ruleset's complexity and allow something like fail2ban to manage it for you. Available in a CentOS 7 package repository near you, or downloadable via EPEL on CentOS 6.



            Fail2ban has rules ready made for blocking ssh attacks, and there are a couple of tutorials here or here.






            share|improve this answer























            • I've just tried it but it doesn't seem to work. There is a new entry in iptables -L, but when I keep trying to log in with wrong passwords I don't get banned

              – michalsol
              Nov 30 '15 at 23:05











            • @michalsol you enabled the ssh rule in fail2ban's configuration as per the instructions, and restarted the daemon? You should see information in /var/log/fail2ban.log

              – roaima
              Dec 1 '15 at 12:52











            • Yes, I've done everything according to tutorial. In log file I just see that it has started but no info about blocking

              – michalsol
              Dec 7 '15 at 15:09











            • @michalsol you have the fail2ban daemon running, and in /etc/fail2ban/jail.local you have a section for ssh that includes enabled = true?

              – roaima
              Dec 7 '15 at 15:15











            • Yes, enabled=true is set, and I've started fail2ban using 'sudo service fail2ban restart'

              – michalsol
              Dec 7 '15 at 15:38













            0












            0








            0








            What am I missing?




            You could reduce your own ruleset's complexity and allow something like fail2ban to manage it for you. Available in a CentOS 7 package repository near you, or downloadable via EPEL on CentOS 6.



            Fail2ban has rules ready made for blocking ssh attacks, and there are a couple of tutorials here or here.






            share|improve this answer














            What am I missing?




            You could reduce your own ruleset's complexity and allow something like fail2ban to manage it for you. Available in a CentOS 7 package repository near you, or downloadable via EPEL on CentOS 6.



            Fail2ban has rules ready made for blocking ssh attacks, and there are a couple of tutorials here or here.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Nov 30 '15 at 21:51









            roaimaroaima

            45.8k758124




            45.8k758124












            • I've just tried it but it doesn't seem to work. There is a new entry in iptables -L, but when I keep trying to log in with wrong passwords I don't get banned

              – michalsol
              Nov 30 '15 at 23:05











            • @michalsol you enabled the ssh rule in fail2ban's configuration as per the instructions, and restarted the daemon? You should see information in /var/log/fail2ban.log

              – roaima
              Dec 1 '15 at 12:52











            • Yes, I've done everything according to tutorial. In log file I just see that it has started but no info about blocking

              – michalsol
              Dec 7 '15 at 15:09











            • @michalsol you have the fail2ban daemon running, and in /etc/fail2ban/jail.local you have a section for ssh that includes enabled = true?

              – roaima
              Dec 7 '15 at 15:15











            • Yes, enabled=true is set, and I've started fail2ban using 'sudo service fail2ban restart'

              – michalsol
              Dec 7 '15 at 15:38

















            • I've just tried it but it doesn't seem to work. There is a new entry in iptables -L, but when I keep trying to log in with wrong passwords I don't get banned

              – michalsol
              Nov 30 '15 at 23:05











            • @michalsol you enabled the ssh rule in fail2ban's configuration as per the instructions, and restarted the daemon? You should see information in /var/log/fail2ban.log

              – roaima
              Dec 1 '15 at 12:52











            • Yes, I've done everything according to tutorial. In log file I just see that it has started but no info about blocking

              – michalsol
              Dec 7 '15 at 15:09











            • @michalsol you have the fail2ban daemon running, and in /etc/fail2ban/jail.local you have a section for ssh that includes enabled = true?

              – roaima
              Dec 7 '15 at 15:15











            • Yes, enabled=true is set, and I've started fail2ban using 'sudo service fail2ban restart'

              – michalsol
              Dec 7 '15 at 15:38
















            I've just tried it but it doesn't seem to work. There is a new entry in iptables -L, but when I keep trying to log in with wrong passwords I don't get banned

            – michalsol
            Nov 30 '15 at 23:05





            I've just tried it but it doesn't seem to work. There is a new entry in iptables -L, but when I keep trying to log in with wrong passwords I don't get banned

            – michalsol
            Nov 30 '15 at 23:05













            @michalsol you enabled the ssh rule in fail2ban's configuration as per the instructions, and restarted the daemon? You should see information in /var/log/fail2ban.log

            – roaima
            Dec 1 '15 at 12:52





            @michalsol you enabled the ssh rule in fail2ban's configuration as per the instructions, and restarted the daemon? You should see information in /var/log/fail2ban.log

            – roaima
            Dec 1 '15 at 12:52













            Yes, I've done everything according to tutorial. In log file I just see that it has started but no info about blocking

            – michalsol
            Dec 7 '15 at 15:09





            Yes, I've done everything according to tutorial. In log file I just see that it has started but no info about blocking

            – michalsol
            Dec 7 '15 at 15:09













            @michalsol you have the fail2ban daemon running, and in /etc/fail2ban/jail.local you have a section for ssh that includes enabled = true?

            – roaima
            Dec 7 '15 at 15:15





            @michalsol you have the fail2ban daemon running, and in /etc/fail2ban/jail.local you have a section for ssh that includes enabled = true?

            – roaima
            Dec 7 '15 at 15:15













            Yes, enabled=true is set, and I've started fail2ban using 'sudo service fail2ban restart'

            – michalsol
            Dec 7 '15 at 15:38





            Yes, enabled=true is set, and I've started fail2ban using 'sudo service fail2ban restart'

            – michalsol
            Dec 7 '15 at 15:38











            0














            This is an old thread, but if anyone gets here this might help (solved for me).



            The issue is a missing kernel driver. After adding




            CONFIG_NETFILTER_XT_MATCH_RECENT=y




            to the kernel config and recompiling it, the problem was solved.
            You can also add it as a module (=m) and insmod it at runtime



            good luck!






            share|improve this answer



























              0














              This is an old thread, but if anyone gets here this might help (solved for me).



              The issue is a missing kernel driver. After adding




              CONFIG_NETFILTER_XT_MATCH_RECENT=y




              to the kernel config and recompiling it, the problem was solved.
              You can also add it as a module (=m) and insmod it at runtime



              good luck!






              share|improve this answer

























                0












                0








                0







                This is an old thread, but if anyone gets here this might help (solved for me).



                The issue is a missing kernel driver. After adding




                CONFIG_NETFILTER_XT_MATCH_RECENT=y




                to the kernel config and recompiling it, the problem was solved.
                You can also add it as a module (=m) and insmod it at runtime



                good luck!






                share|improve this answer













                This is an old thread, but if anyone gets here this might help (solved for me).



                The issue is a missing kernel driver. After adding




                CONFIG_NETFILTER_XT_MATCH_RECENT=y




                to the kernel config and recompiling it, the problem was solved.
                You can also add it as a module (=m) and insmod it at runtime



                good luck!







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 20 '17 at 7:07









                sagivdsagivd

                11




                11



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Unix & Linux Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f246450%2fiptables-no-chain-target-match-by-that-name-adding-ssh-attack-rule%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    getting Checkpoint VPN SSL Network Extender working in the command lineHow to connect to CheckPoint VPN on Ubuntu 18.04LTS?Will the Linux ( red-hat ) Open VPNC Client connect to checkpoint or nortel VPN gateways?VPN client for linux machine + support checkpoint gatewayVPN SSL Network Extender in FirefoxLinux Checkpoint SNX tool configuration issuesCheck Point - Connect under Linux - snx + OTPSNX VPN Ububuntu 18.XXUsing Checkpoint VPN SSL Network Extender CLI with certificateVPN with network manager (nm-applet) is not workingWill the Linux ( red-hat ) Open VPNC Client connect to checkpoint or nortel VPN gateways?VPN client for linux machine + support checkpoint gatewayImport VPN config files to NetworkManager from command lineTrouble connecting to VPN using network-manager, while command line worksStart a VPN connection with PPTP protocol on command linestarting a docker service daemon breaks the vpn networkCan't connect to vpn with Network-managerVPN SSL Network Extender in FirefoxUsing Checkpoint VPN SSL Network Extender CLI with certificate

                    Image
                    If human space travel is limited by the G force vulnerability, is there a way to counter G forces? Did Shadowfax go to Valinor? Do I have a twin with permutated remainders? Blender 2.8 I can't see vertices, edges or faces in edit mode 1960's book about a plague that kills all white people How can I make my BBEG immortal short of making them a Lich or Vampire? Alternative to sending password over mail? Is it inappropriate for a student to attend their mentor's dissertation defense? Why is Collection not simply treated as Collection<?> Took a trip to a parallel universe, need help deciphering Assassin's bullet with mercury Why is it a bad idea to hire a hitman to eliminate most corrupt politicians? I Accidentally Deleted a Stock Terminal Theme Is there a hemisphere-neutral way of specifying a season? What about the virus in 12 Monkeys? Why can't we play rap on piano? Arrow those variables! Today is the Center Modeling an IP Ad...
                    Read more

                    Cannot Extend partition with GParted The 2019 Stack Overflow Developer Survey Results Are In Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) 2019 Community Moderator Election ResultsCan't increase partition size with GParted?GParted doesn't recognize the unallocated space after my current partitionWhat is the best way to add unallocated space located before to Ubuntu 12.04 partition with GParted live?I can't figure out how to extend my Arch home partition into free spaceGparted Linux Mint 18.1 issueTrying to extend but swap partition is showing as Unknown in Gparted, shows proper from fdiskRearrange partitions in gparted to extend a partitionUnable to extend partition even though unallocated space is next to it using GPartedAllocate free space to root partitiongparted: how to merge unallocated space with a partition

                    Image
                    Make it rain characters Keeping a retro style to sci-fi spaceships? How to split my screen on my Macbook Air? How can I define good in a religion that claims no moral authority? does high air pressure throw off wheel balance? Scientific Reports - Significant Figures Relations between two reciprocal partial derivatives? How to delete random line from file using Unix command? How did passengers keep warm on sail ships? How are presidential pardons supposed to be used? Are my PIs rude or am I just being too sensitive? He got a vote 80% that of Emmanuel Macron’s Change bounding box of math glyphs in LuaTeX Match Roman Numerals Was credit for the black hole image misattributed? How to pronounce 1ターン? how can a perfect fourth interval be considered either consonant or dissonant? Working through the single responsibility principle (SRP) in Python when calls are expensive High Q peak in frequency response means what in time domain? ...
                    Read more

                    Marilyn Monroe Ny fiainany manokana | Jereo koa | Meny fitetezanafanitarana azy.

                    Image
                    OlonaBiôgrafiaVangovangoMpilalaoMpilalao amin'ny horonantsaryMpamoaka horonantsaryTeraka tamin'ny taona 1926Maty tamin'ny taona 1962 EtazoniaLos Angeles fanitarana azy . Marilyn Monroe Avy amin'i Wikipedia Sauter à la navigation Sauter à la recherche Marilyn Monroe Ankapobeny Anarana Marilyn Monroe Teraka 1 Jiona 1926 Maty 5 Aogositra 1962 Fiaviana sy ny andraikitra Firenena Etazonia Asa : mpilalao mpilalao amin'ny horonantsary mpamoaka horonantsary Fiainana manokana Marilyn Monroe dia mpilalao, mpilalao amin'ny horonantsary, mpamoaka horonantsary mizaka ny zom-pirenen'i Etazonia teraka ny 1 Jiona 1926 tao Los Angeles ary maty ny 5 Aogositra 1962 Ny fiainany manokana | Ny vadiny dia James Dougherty, Joe DiMaggio, Arthur Miller. Jereo koa | Biôgrafia Rohy ivelany | Ao amin'i Freebase: [1] Mbola ambangovangony ity lahatsoratra ity ary tokony hofenoina . Azonao atao ny mandray anjara eto amin'ny Wikipedia amin...
                    Read more