iptables: No chain/target/match by that name - adding SSH ATTACK rule2019 Community Moderator ElectionUnable to make outbound SNMP connections when IPTables is enabledIptables: matching outgoing traffic with conntrack and owner. Works with strange dropsTPROXY for redirecting UDP on arbitrary portsiptables, what is truly open?Confusion about interfaces, iptables, connections, local connectionCONFIG_NF_CONNTRACK is not setHow to create/setup vpn using only SSH?iptables - 2 Internetprovider - routingConflict between wlan and ethernet boardHow to implement iptables on lxc-container?

Why Shazam when there is already Superman?

Why is this estimator biased?

putting logo on same line but after title, latex

Picking the different solutions to the time independent Schrodinger eqaution

Is there an injective, monotonically increasing, strictly concave function from the reals, to the reals?

What does chmod -u do?

How much character growth crosses the line into breaking the character

Why is the "ls" command showing permissions of files in a FAT32 partition?

Strong empirical falsification of quantum mechanics based on vacuum energy density

Why is it that I can sometimes guess the next note?

Does Doodling or Improvising on the Piano Have Any Benefits?

What is going on with 'gets(stdin)' on the site coderbyte?

Plot of a tornado-shaped surface

Do the primes contain an infinite almost arithmetic progression?

Can I visit Japan without a visa?

Creepy dinosaur pc game identification

Does the Linux kernel need a file system to run?

Can a Canadian Travel to the USA twice, less than 180 days each time?

Is aluminum electrical wire used on aircraft?

Biological Blimps: Propulsion

What is the highest possible scrabble score for placing a single tile

Why can Carol Danvers change her suit colours in the first place?

How to fade a semiplane defined by line?

It grows, but water kills it



iptables: No chain/target/match by that name - adding SSH ATTACK rule



2019 Community Moderator ElectionUnable to make outbound SNMP connections when IPTables is enabledIptables: matching outgoing traffic with conntrack and owner. Works with strange dropsTPROXY for redirecting UDP on arbitrary portsiptables, what is truly open?Confusion about interfaces, iptables, connections, local connectionCONFIG_NF_CONNTRACK is not setHow to create/setup vpn using only SSH?iptables - 2 Internetprovider - routingConflict between wlan and ethernet boardHow to implement iptables on lxc-container?










2















I have a problem with adding rule against brute-force SSH attacks. I try to do it in the following way:



iptables -F
iptables -L
iptables -N SSHATTACK
iptables -A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
iptables -A SSHATTACK -j DROP
#Block each IP address for 120 seconds which establishe more than three connections within 120 seconds. In case of the forth connection attempt, the request gets delegated to the SSHATTACK chain, which is responsible for logging the possible ssh attack and finally drops the request.
iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --set
iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK


But I have a problem with these two lines:



iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --set
iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK


Output after this command is 



iptables: No chain/target/match by that name.


iptables -L gives the following output:



Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain SSHATTACK (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level debug prefix `Possible SSH attack! '
DROP all -- anywhere anywhere


and iptables -S gives:



-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N SSHATTACK
-A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
-A SSHATTACK -j DROP


ip add gives (I've hiden IP adress with '?'):



1 lo LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue state UNKNOWN
 linkloopback 000000000000 brd 000000000000
 inet 127.0.0.18 scope host lo
 inet6 1128 scope host
 valid_lft forever preferred_lft forever
2 venet0 BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN
 linkvoid
 inet 127.0.0.132 scope host venet0
 inet ?.?.?.24820 brd ?.?.?.255 scope global venet00


What can I do to add this rule? What am I missing?






ssh iptables ip internet







share|improve this question
















bumped to the homepage by Community yesterday


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.



















    2















    I have a problem with adding rule against brute-force SSH attacks. I try to do it in the following way:



    iptables -F
    iptables -L
    iptables -N SSHATTACK
    iptables -A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
    iptables -A SSHATTACK -j DROP
    #Block each IP address for 120 seconds which establishe more than three connections within 120 seconds. In case of the forth connection attempt, the request gets delegated to the SSHATTACK chain, which is responsible for logging the possible ssh attack and finally drops the request.
    iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --set
    iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK


    But I have a problem with these two lines:



    iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --set
    iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK


    Output after this command is 



    iptables: No chain/target/match by that name.


    iptables -L gives the following output:



    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain SSHATTACK (0 references)
    target prot opt source destination
    LOG all -- anywhere anywhere LOG level debug prefix `Possible SSH attack! '
    DROP all -- anywhere anywhere


    and iptables -S gives:



    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -N SSHATTACK
    -A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
    -A SSHATTACK -j DROP


    ip add gives (I've hiden IP adress with '?'):



    1 lo LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue state UNKNOWN
     linkloopback 000000000000 brd 000000000000
     inet 127.0.0.18 scope host lo
     inet6 1128 scope host
     valid_lft forever preferred_lft forever
    2 venet0 BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN
     linkvoid
     inet 127.0.0.132 scope host venet0
     inet ?.?.?.24820 brd ?.?.?.255 scope global venet00


    What can I do to add this rule? What am I missing?






    ssh iptables ip internet







    share|improve this question
















    bumped to the homepage by Community yesterday


    This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

















      2












      2








      2








      I have a problem with adding rule against brute-force SSH attacks. I try to do it in the following way:



      iptables -F
      iptables -L
      iptables -N SSHATTACK
      iptables -A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
      iptables -A SSHATTACK -j DROP
      #Block each IP address for 120 seconds which establishe more than three connections within 120 seconds. In case of the forth connection attempt, the request gets delegated to the SSHATTACK chain, which is responsible for logging the possible ssh attack and finally drops the request.
      iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --set
      iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK


      But I have a problem with these two lines:



      iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --set
      iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK


      Output after this command is 



      iptables: No chain/target/match by that name.


      iptables -L gives the following output:



      Chain INPUT (policy ACCEPT)
      target prot opt source destination

      Chain FORWARD (policy ACCEPT)
      target prot opt source destination

      Chain OUTPUT (policy ACCEPT)
      target prot opt source destination

      Chain SSHATTACK (0 references)
      target prot opt source destination
      LOG all -- anywhere anywhere LOG level debug prefix `Possible SSH attack! '
      DROP all -- anywhere anywhere


      and iptables -S gives:



      -P INPUT ACCEPT
      -P FORWARD ACCEPT
      -P OUTPUT ACCEPT
      -N SSHATTACK
      -A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
      -A SSHATTACK -j DROP


      ip add gives (I've hiden IP adress with '?'):



      1 lo LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue state UNKNOWN
       linkloopback 000000000000 brd 000000000000
       inet 127.0.0.18 scope host lo
       inet6 1128 scope host
       valid_lft forever preferred_lft forever
      2 venet0 BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN
       linkvoid
       inet 127.0.0.132 scope host venet0
       inet ?.?.?.24820 brd ?.?.?.255 scope global venet00


      What can I do to add this rule? What am I missing?






      ssh iptables ip internet







      share|improve this question
















      I have a problem with adding rule against brute-force SSH attacks. I try to do it in the following way:



      iptables -F
      iptables -L
      iptables -N SSHATTACK
      iptables -A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
      iptables -A SSHATTACK -j DROP
      #Block each IP address for 120 seconds which establishe more than three connections within 120 seconds. In case of the forth connection attempt, the request gets delegated to the SSHATTACK chain, which is responsible for logging the possible ssh attack and finally drops the request.
      iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --set
      iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK


      But I have a problem with these two lines:



      iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --set
      iptables -A INPUT -i venet0 -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK


      Output after this command is 



      iptables: No chain/target/match by that name.


      iptables -L gives the following output:



      Chain INPUT (policy ACCEPT)
      target prot opt source destination

      Chain FORWARD (policy ACCEPT)
      target prot opt source destination

      Chain OUTPUT (policy ACCEPT)
      target prot opt source destination

      Chain SSHATTACK (0 references)
      target prot opt source destination
      LOG all -- anywhere anywhere LOG level debug prefix `Possible SSH attack! '
      DROP all -- anywhere anywhere


      and iptables -S gives:



      -P INPUT ACCEPT
      -P FORWARD ACCEPT
      -P OUTPUT ACCEPT
      -N SSHATTACK
      -A SSHATTACK -j LOG --log-prefix "Possible SSH attack! " --log-level 7
      -A SSHATTACK -j DROP


      ip add gives (I've hiden IP adress with '?'):



      1 lo LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue state UNKNOWN
       linkloopback 000000000000 brd 000000000000
       inet 127.0.0.18 scope host lo
       inet6 1128 scope host
       valid_lft forever preferred_lft forever
      2 venet0 BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN
       linkvoid
       inet 127.0.0.132 scope host venet0
       inet ?.?.?.24820 brd ?.?.?.255 scope global venet00


      What can I do to add this rule? What am I missing?






      ssh iptables ip internet




      ssh iptables ip internet






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Dec 7 '15 at 14:47







      michalsol

















      asked Nov 30 '15 at 17:04









      michalsolmichalsol

      1113




      1113





      bumped to the homepage by Community yesterday


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







      bumped to the homepage by Community yesterday


      This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.






















          3 Answers
          3






          active

          oldest

          votes


















          0














          The --dport parameter doesn't belong inside the state match. Try:



          iptables -A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW -m recent --set





          share|improve this answer

























          • Unfortunately, it doesn't work either. I got the same error.

            – michalsol
            Nov 30 '15 at 22:41











          • Works for me. Can you add any entries to the INPUT table for that interface? Post interface info (ip add).

            – Richard Doyle
            Dec 1 '15 at 2:37











          • Sorry for the delay. I don't know how to check other entries, do you have any sample input? This is production server, so I don't want to brake anything :) My question is edited (I've add ip add output).

            – michalsol
            Dec 7 '15 at 14:45



















          0















          What am I missing?




          You could reduce your own ruleset's complexity and allow something like fail2ban to manage it for you. Available in a CentOS 7 package repository near you, or downloadable via EPEL on CentOS 6.



          Fail2ban has rules ready made for blocking ssh attacks, and there are a couple of tutorials here or here.






          share|improve this answer























          • I've just tried it but it doesn't seem to work. There is a new entry in iptables -L, but when I keep trying to log in with wrong passwords I don't get banned

            – michalsol
            Nov 30 '15 at 23:05











          • @michalsol you enabled the ssh rule in fail2ban's configuration as per the instructions, and restarted the daemon? You should see information in /var/log/fail2ban.log

            – roaima
            Dec 1 '15 at 12:52











          • Yes, I've done everything according to tutorial. In log file I just see that it has started but no info about blocking

            – michalsol
            Dec 7 '15 at 15:09











          • @michalsol you have the fail2ban daemon running, and in /etc/fail2ban/jail.local you have a section for ssh that includes enabled = true?

            – roaima
            Dec 7 '15 at 15:15











          • Yes, enabled=true is set, and I've started fail2ban using 'sudo service fail2ban restart'

            – michalsol
            Dec 7 '15 at 15:38


















          0














          This is an old thread, but if anyone gets here this might help (solved for me).



          The issue is a missing kernel driver. After adding




          CONFIG_NETFILTER_XT_MATCH_RECENT=y




          to the kernel config and recompiling it, the problem was solved.
          You can also add it as a module (=m) and insmod it at runtime



          good luck!






          share|improve this answer






















            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f246450%2fiptables-no-chain-target-match-by-that-name-adding-ssh-attack-rule%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            3 Answers
            3






            active

            oldest

            votes








            3 Answers
            3






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            The --dport parameter doesn't belong inside the state match. Try:



            iptables -A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW -m recent --set





            share|improve this answer

























            • Unfortunately, it doesn't work either. I got the same error.

              – michalsol
              Nov 30 '15 at 22:41











            • Works for me. Can you add any entries to the INPUT table for that interface? Post interface info (ip add).

              – Richard Doyle
              Dec 1 '15 at 2:37











            • Sorry for the delay. I don't know how to check other entries, do you have any sample input? This is production server, so I don't want to brake anything :) My question is edited (I've add ip add output).

              – michalsol
              Dec 7 '15 at 14:45
















            0














            The --dport parameter doesn't belong inside the state match. Try:



            iptables -A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW -m recent --set





            share|improve this answer

























            • Unfortunately, it doesn't work either. I got the same error.

              – michalsol
              Nov 30 '15 at 22:41











            • Works for me. Can you add any entries to the INPUT table for that interface? Post interface info (ip add).

              – Richard Doyle
              Dec 1 '15 at 2:37











            • Sorry for the delay. I don't know how to check other entries, do you have any sample input? This is production server, so I don't want to brake anything :) My question is edited (I've add ip add output).

              – michalsol
              Dec 7 '15 at 14:45














            0












            0








            0







            The --dport parameter doesn't belong inside the state match. Try:



            iptables -A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW -m recent --set





            share|improve this answer















            The --dport parameter doesn't belong inside the state match. Try:



            iptables -A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW -m recent --set






            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Nov 30 '15 at 21:43









            roaima

            45.8k758124




            45.8k758124










            answered Nov 30 '15 at 21:22









            Richard DoyleRichard Doyle

            1




            1












            • Unfortunately, it doesn't work either. I got the same error.

              – michalsol
              Nov 30 '15 at 22:41











            • Works for me. Can you add any entries to the INPUT table for that interface? Post interface info (ip add).

              – Richard Doyle
              Dec 1 '15 at 2:37











            • Sorry for the delay. I don't know how to check other entries, do you have any sample input? This is production server, so I don't want to brake anything :) My question is edited (I've add ip add output).

              – michalsol
              Dec 7 '15 at 14:45


















            • Unfortunately, it doesn't work either. I got the same error.

              – michalsol
              Nov 30 '15 at 22:41











            • Works for me. Can you add any entries to the INPUT table for that interface? Post interface info (ip add).

              – Richard Doyle
              Dec 1 '15 at 2:37











            • Sorry for the delay. I don't know how to check other entries, do you have any sample input? This is production server, so I don't want to brake anything :) My question is edited (I've add ip add output).

              – michalsol
              Dec 7 '15 at 14:45

















            Unfortunately, it doesn't work either. I got the same error.

            – michalsol
            Nov 30 '15 at 22:41





            Unfortunately, it doesn't work either. I got the same error.

            – michalsol
            Nov 30 '15 at 22:41













            Works for me. Can you add any entries to the INPUT table for that interface? Post interface info (ip add).

            – Richard Doyle
            Dec 1 '15 at 2:37





            Works for me. Can you add any entries to the INPUT table for that interface? Post interface info (ip add).

            – Richard Doyle
            Dec 1 '15 at 2:37













            Sorry for the delay. I don't know how to check other entries, do you have any sample input? This is production server, so I don't want to brake anything :) My question is edited (I've add ip add output).

            – michalsol
            Dec 7 '15 at 14:45






            Sorry for the delay. I don't know how to check other entries, do you have any sample input? This is production server, so I don't want to brake anything :) My question is edited (I've add ip add output).

            – michalsol
            Dec 7 '15 at 14:45














            0















            What am I missing?




            You could reduce your own ruleset's complexity and allow something like fail2ban to manage it for you. Available in a CentOS 7 package repository near you, or downloadable via EPEL on CentOS 6.



            Fail2ban has rules ready made for blocking ssh attacks, and there are a couple of tutorials here or here.






            share|improve this answer























            • I've just tried it but it doesn't seem to work. There is a new entry in iptables -L, but when I keep trying to log in with wrong passwords I don't get banned

              – michalsol
              Nov 30 '15 at 23:05











            • @michalsol you enabled the ssh rule in fail2ban's configuration as per the instructions, and restarted the daemon? You should see information in /var/log/fail2ban.log

              – roaima
              Dec 1 '15 at 12:52











            • Yes, I've done everything according to tutorial. In log file I just see that it has started but no info about blocking

              – michalsol
              Dec 7 '15 at 15:09











            • @michalsol you have the fail2ban daemon running, and in /etc/fail2ban/jail.local you have a section for ssh that includes enabled = true?

              – roaima
              Dec 7 '15 at 15:15











            • Yes, enabled=true is set, and I've started fail2ban using 'sudo service fail2ban restart'

              – michalsol
              Dec 7 '15 at 15:38















            0















            What am I missing?




            You could reduce your own ruleset's complexity and allow something like fail2ban to manage it for you. Available in a CentOS 7 package repository near you, or downloadable via EPEL on CentOS 6.



            Fail2ban has rules ready made for blocking ssh attacks, and there are a couple of tutorials here or here.






            share|improve this answer























            • I've just tried it but it doesn't seem to work. There is a new entry in iptables -L, but when I keep trying to log in with wrong passwords I don't get banned

              – michalsol
              Nov 30 '15 at 23:05











            • @michalsol you enabled the ssh rule in fail2ban's configuration as per the instructions, and restarted the daemon? You should see information in /var/log/fail2ban.log

              – roaima
              Dec 1 '15 at 12:52











            • Yes, I've done everything according to tutorial. In log file I just see that it has started but no info about blocking

              – michalsol
              Dec 7 '15 at 15:09











            • @michalsol you have the fail2ban daemon running, and in /etc/fail2ban/jail.local you have a section for ssh that includes enabled = true?

              – roaima
              Dec 7 '15 at 15:15











            • Yes, enabled=true is set, and I've started fail2ban using 'sudo service fail2ban restart'

              – michalsol
              Dec 7 '15 at 15:38













            0












            0








            0








            What am I missing?




            You could reduce your own ruleset's complexity and allow something like fail2ban to manage it for you. Available in a CentOS 7 package repository near you, or downloadable via EPEL on CentOS 6.



            Fail2ban has rules ready made for blocking ssh attacks, and there are a couple of tutorials here or here.






            share|improve this answer














            What am I missing?




            You could reduce your own ruleset's complexity and allow something like fail2ban to manage it for you. Available in a CentOS 7 package repository near you, or downloadable via EPEL on CentOS 6.



            Fail2ban has rules ready made for blocking ssh attacks, and there are a couple of tutorials here or here.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Nov 30 '15 at 21:51









            roaimaroaima

            45.8k758124




            45.8k758124












            • I've just tried it but it doesn't seem to work. There is a new entry in iptables -L, but when I keep trying to log in with wrong passwords I don't get banned

              – michalsol
              Nov 30 '15 at 23:05











            • @michalsol you enabled the ssh rule in fail2ban's configuration as per the instructions, and restarted the daemon? You should see information in /var/log/fail2ban.log

              – roaima
              Dec 1 '15 at 12:52











            • Yes, I've done everything according to tutorial. In log file I just see that it has started but no info about blocking

              – michalsol
              Dec 7 '15 at 15:09











            • @michalsol you have the fail2ban daemon running, and in /etc/fail2ban/jail.local you have a section for ssh that includes enabled = true?

              – roaima
              Dec 7 '15 at 15:15











            • Yes, enabled=true is set, and I've started fail2ban using 'sudo service fail2ban restart'

              – michalsol
              Dec 7 '15 at 15:38

















            • I've just tried it but it doesn't seem to work. There is a new entry in iptables -L, but when I keep trying to log in with wrong passwords I don't get banned

              – michalsol
              Nov 30 '15 at 23:05











            • @michalsol you enabled the ssh rule in fail2ban's configuration as per the instructions, and restarted the daemon? You should see information in /var/log/fail2ban.log

              – roaima
              Dec 1 '15 at 12:52











            • Yes, I've done everything according to tutorial. In log file I just see that it has started but no info about blocking

              – michalsol
              Dec 7 '15 at 15:09











            • @michalsol you have the fail2ban daemon running, and in /etc/fail2ban/jail.local you have a section for ssh that includes enabled = true?

              – roaima
              Dec 7 '15 at 15:15











            • Yes, enabled=true is set, and I've started fail2ban using 'sudo service fail2ban restart'

              – michalsol
              Dec 7 '15 at 15:38
















            I've just tried it but it doesn't seem to work. There is a new entry in iptables -L, but when I keep trying to log in with wrong passwords I don't get banned

            – michalsol
            Nov 30 '15 at 23:05





            I've just tried it but it doesn't seem to work. There is a new entry in iptables -L, but when I keep trying to log in with wrong passwords I don't get banned

            – michalsol
            Nov 30 '15 at 23:05













            @michalsol you enabled the ssh rule in fail2ban's configuration as per the instructions, and restarted the daemon? You should see information in /var/log/fail2ban.log

            – roaima
            Dec 1 '15 at 12:52





            @michalsol you enabled the ssh rule in fail2ban's configuration as per the instructions, and restarted the daemon? You should see information in /var/log/fail2ban.log

            – roaima
            Dec 1 '15 at 12:52













            Yes, I've done everything according to tutorial. In log file I just see that it has started but no info about blocking

            – michalsol
            Dec 7 '15 at 15:09





            Yes, I've done everything according to tutorial. In log file I just see that it has started but no info about blocking

            – michalsol
            Dec 7 '15 at 15:09













            @michalsol you have the fail2ban daemon running, and in /etc/fail2ban/jail.local you have a section for ssh that includes enabled = true?

            – roaima
            Dec 7 '15 at 15:15





            @michalsol you have the fail2ban daemon running, and in /etc/fail2ban/jail.local you have a section for ssh that includes enabled = true?

            – roaima
            Dec 7 '15 at 15:15













            Yes, enabled=true is set, and I've started fail2ban using 'sudo service fail2ban restart'

            – michalsol
            Dec 7 '15 at 15:38





            Yes, enabled=true is set, and I've started fail2ban using 'sudo service fail2ban restart'

            – michalsol
            Dec 7 '15 at 15:38











            0














            This is an old thread, but if anyone gets here this might help (solved for me).



            The issue is a missing kernel driver. After adding




            CONFIG_NETFILTER_XT_MATCH_RECENT=y




            to the kernel config and recompiling it, the problem was solved.
            You can also add it as a module (=m) and insmod it at runtime



            good luck!






            share|improve this answer



























              0














              This is an old thread, but if anyone gets here this might help (solved for me).



              The issue is a missing kernel driver. After adding




              CONFIG_NETFILTER_XT_MATCH_RECENT=y




              to the kernel config and recompiling it, the problem was solved.
              You can also add it as a module (=m) and insmod it at runtime



              good luck!






              share|improve this answer

























                0












                0








                0







                This is an old thread, but if anyone gets here this might help (solved for me).



                The issue is a missing kernel driver. After adding




                CONFIG_NETFILTER_XT_MATCH_RECENT=y




                to the kernel config and recompiling it, the problem was solved.
                You can also add it as a module (=m) and insmod it at runtime



                good luck!






                share|improve this answer













                This is an old thread, but if anyone gets here this might help (solved for me).



                The issue is a missing kernel driver. After adding




                CONFIG_NETFILTER_XT_MATCH_RECENT=y




                to the kernel config and recompiling it, the problem was solved.
                You can also add it as a module (=m) and insmod it at runtime



                good luck!







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 20 '17 at 7:07









                sagivdsagivd

                11




                11



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Unix & Linux Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f246450%2fiptables-no-chain-target-match-by-that-name-adding-ssh-attack-rule%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    getting Checkpoint VPN SSL Network Extender working in the command lineHow to connect to CheckPoint VPN on Ubuntu 18.04LTS?Will the Linux ( red-hat ) Open VPNC Client connect to checkpoint or nortel VPN gateways?VPN client for linux machine + support checkpoint gatewayVPN SSL Network Extender in FirefoxLinux Checkpoint SNX tool configuration issuesCheck Point - Connect under Linux - snx + OTPSNX VPN Ububuntu 18.XXUsing Checkpoint VPN SSL Network Extender CLI with certificateVPN with network manager (nm-applet) is not workingWill the Linux ( red-hat ) Open VPNC Client connect to checkpoint or nortel VPN gateways?VPN client for linux machine + support checkpoint gatewayImport VPN config files to NetworkManager from command lineTrouble connecting to VPN using network-manager, while command line worksStart a VPN connection with PPTP protocol on command linestarting a docker service daemon breaks the vpn networkCan't connect to vpn with Network-managerVPN SSL Network Extender in FirefoxUsing Checkpoint VPN SSL Network Extender CLI with certificate

                    Image
                    If human space travel is limited by the G force vulnerability, is there a way to counter G forces? Did Shadowfax go to Valinor? Do I have a twin with permutated remainders? Blender 2.8 I can't see vertices, edges or faces in edit mode 1960's book about a plague that kills all white people How can I make my BBEG immortal short of making them a Lich or Vampire? Alternative to sending password over mail? Is it inappropriate for a student to attend their mentor's dissertation defense? Why is Collection not simply treated as Collection<?> Took a trip to a parallel universe, need help deciphering Assassin's bullet with mercury Why is it a bad idea to hire a hitman to eliminate most corrupt politicians? I Accidentally Deleted a Stock Terminal Theme Is there a hemisphere-neutral way of specifying a season? What about the virus in 12 Monkeys? Why can't we play rap on piano? Arrow those variables! Today is the Center Modeling an IP Ad...
                    Read more

                    NetworkManager fails with “Could not find source connection”Trouble connecting to VPN using network-manager, while command line worksHow can I be notified about state changes to a VPN adapterBacktrack 5 R3 - Refuses to connect to VPNFeed all traffic through OpenVPN for a specific network namespace onlyRun daemon on startup in Debian once openvpn connection establishedpfsense tcp connection between openvpn and lan is brokenInternet connection problem with web browsers onlyWhy does NetworkManager explicitly support tun/tap devices?Browser issues with VPNTwo IP addresses assigned to the same network card - OpenVPN issues?Cannot connect to WiFi with nmcli, although secrets are provided

                    Image
                    What typically incentivizes a professor to change jobs to a lower ranking university? Reorder a Master List Based on a Reordered Subset How does one intimidate enemies without having the capacity for violence? Is it possible to do 50 km distance without any previous training? Java Casting: Java 11 throws LambdaConversionException while 1.8 does not How much RAM could one put in a typical 80386 setup? Is it legal for company to use my work email to pretend I still work there? Are astronomers waiting to see something in an image from a gravitational lens that they've already seen in an adjacent image? How is it possible to have an ability score that is less than 3? Why does Kotter return in Welcome Back Kotter? Can I ask the recruiters in my resume to put the reason why I am rejected? Why is consensus so controversial in Britain? Which country benefited the most from UN Security Council vetoes? Do infinite dimensional systems make sense? What's the poi...
                    Read more

                    대한민국 목차 국명 지리 역사 정치 국방 경제 사회 문화 국제 순위 관련 항목 각주 외부 링크 둘러보기 메뉴북위 37° 34′ 08″ 동경 126° 58′ 36″ / 북위 37.568889° 동경 126.976667°  / 37.568889; 126.976667ehThe Korean Repository문단을 편집문단을 편집추가해Clarkson PLC 사Report for Selected Countries and Subjects-Korea“Human Development Index and its components: P.198”“http://www.law.go.kr/%EB%B2%95%EB%A0%B9/%EB%8C%80%ED%95%9C%EB%AF%BC%EA%B5%AD%EA%B5%AD%EA%B8%B0%EB%B2%95”"한국은 국제법상 한반도 유일 합법정부 아니다" - 오마이뉴스 모바일Report for Selected Countries and Subjects: South Korea격동의 역사와 함께한 조선일보 90년 : 조선일보 인수해 혁신시킨 신석우, 임시정부 때는 '대한민국' 국호(國號) 정해《우리가 몰랐던 우리 역사: 나라 이름의 비밀을 찾아가는 역사 여행》“남북 공식호칭 ‘남한’‘북한’으로 쓴다”“Corea 대 Korea, 누가 이긴 거야?”국내기후자료 - 한국[김대중 前 대통령 서거] 과감한 구조개혁 'DJ노믹스'로 최단기간 환란극복 :: 네이버 뉴스“이라크 "韓-쿠르드 유전개발 MOU 승인 안해"(종합)”“해외 우리국민 추방사례 43%가 일본”차기전차 K2'흑표'의 세계 최고 전력 분석, 쿠키뉴스 엄기영, 2007-03-02두산인프라, 헬기잡는 장갑차 'K21'...내년부터 공급, 고뉴스 이대준, 2008-10-30과거 내용 찾기mk 뉴스 - 구매력 기준으로 보면 한국 1인당 소득 3만弗과거 내용 찾기"The N-11: More Than an Acronym"Archived조선일보 최우석, 2008-11-01Global 500 2008: Countries - South Korea“몇년째 '시한폭탄'... 가계부채, 올해는 터질까”가구당 부채 5000만원 처음 넘어서“‘빚’으로 내몰리는 사회.. 위기의 가계대출”“[경제365] 공공부문 부채 급증…800조 육박”“"소득 양극화 다소 완화...불평등은 여전"”“공정사회·공생발전 한참 멀었네”iSuppli,08年2QのDRAMシェア・ランキングを発表(08/8/11)South Korea dominates shipbuilding industry | Stock Market News & Stocks to Watch from StraightStocks한국 자동차 생산, 3년 연속 세계 5위자동차수출 '현대-삼성 웃고 기아-대우-쌍용은 울고' 과거 내용 찾기동반성장위 창립 1주년 맞아Archived"중기적합 3개업종 합의 무시한 채 선정"李대통령, 사업 무분별 확장 소상공인 생계 위협 질타삼성-LG, 서민업종인 빵·분식사업 잇따라 철수상생은 뒷전…SSM ‘몸집 불리기’ 혈안Archived“경부고속도에 '아시안하이웨이' 표지판”'철의 실크로드' 앞서 '말(言)의 실크로드'부터, 프레시안 정창현, 2008-10-01“'서울 지하철은 안전한가?'”“서울시 “올해 안에 모든 지하철역 스크린도어 설치””“부산지하철 1,2호선 승강장 안전펜스 설치 완료”“전교조, 정부 노조 통계서 처음 빠져”“[Weekly BIZ] 도요타 '제로 이사회'가 리콜 사태 불러들였다”“S Korea slams high tuition costs”““정치가 여론 양극화 부채질… 합리주의 절실””“〈"`촛불집회'는 민주주의의 질적 변화 상징"〉”““촛불집회가 민주주의 왜곡 초래””“국민 65%, "한국 노사관계 대립적"”“한국 국가경쟁력 27위‥노사관계 '꼴찌'”“제대로 형성되지 않은 대한민국 이념지형”“[신년기획-갈등의 시대] 갈등지수 OECD 4위…사회적 손실 GDP 27% 무려 300조”“2012 총선-대선의 키워드는 '국민과 소통'”“한국 삶의 질 27위, 2000년과 2008년 연속 하위권 머물러”“[해피 코리아] 행복점수 68점…해외 평가선 '낙제점'”“한국 어린이·청소년 행복지수 3년 연속 OECD ‘꼴찌’”“한국 이혼율 OECD중 8위”“[통계청] 한국 이혼율 OECD 4위”“오피니언 [이렇게 생각한다] `부부의 날` 에 돌아본 이혼율 1위 한국”“Suicide Rates by Country, Global Health Observatory Data Repository.”“1. 또 다른 차별”“오피니언 [편집자에게] '왕따'와 '패거리 정치' 심리는 닮은꼴”“[미래한국리포트] 무한경쟁에 빠진 대한민국”“대학생 98% "외모가 경쟁력이라는 말 동의"”“특급호텔 웨딩·200만원대 유모차… "남보다 더…" 호화病, 고질병 됐다”“[스트레스 공화국] ① 경쟁사회, 스트레스 쌓인다”““매일 30여명 자살 한국, 의사보다 무속인에…””“"자살 부르는 '우울증', 환자 중 85% 치료 안 받아"”“정신병원을 가다”“대한민국도 ‘묻지마 범죄’,안전지대 아니다”“유엔 "학생 '성적 지향'에 따른 차별 금지하라"”“유엔아동권리위원회 보고서 및 번역본 원문”“고졸 성공스토리 담은 '제빵왕 김탁구' 드라마 나온다”“‘빛 좋은 개살구’ 고졸 취업…실습 대신 착취”원본 문서“정신건강, 사회적 편견부터 고쳐드립니다”‘소통’과 ‘행복’에 목 마른 사회가 잠들어 있던 ‘심리학’ 깨웠다“[포토] 사유리-곽금주 교수의 유쾌한 심리상담”“"올해 한국인 평균 영화관람횟수 세계 1위"(종합)”“[게임연중기획] 게임은 문화다-여가활동 1순위 게임”“영화속 ‘영어 지상주의’ …“왠지 씁쓸한데””“2월 `신문 부수 인증기관` 지정..방송법 후속작업”“무료신문 성장동력 ‘차별성’과 ‘갈등해소’”대한민국 국회 법률지식정보시스템"Pew Research Center's Religion & Public Life Project: South Korea"“amp;vwcd=MT_ZTITLE&path=인구·가구%20>%20인구총조사%20>%20인구부문%20>%20 총조사인구(2005)%20>%20전수부문&oper_YN=Y&item=&keyword=종교별%20인구& amp;lang_mode=kor&list_id= 2005년 통계청 인구 총조사”원본 문서“한국인이 좋아하는 취미와 운동 (2004-2009)”“한국인이 좋아하는 취미와 운동 (2004-2014)”Archived“한국, `부분적 언론자유국' 강등〈프리덤하우스〉”“국경없는기자회 "한국, 인터넷감시 대상국"”“한국, 조선산업 1위 유지(S. Korea Stays Top Shipbuilding Nation) RZD-Partner Portal”원본 문서“한국, 4년 만에 ‘선박건조 1위’”“옛 마산시,인터넷속도 세계 1위”“"한국 초고속 인터넷망 세계1위"”“인터넷·휴대폰 요금, 외국보다 훨씬 비싸”“한국 관세행정 6년 연속 세계 '1위'”“한국 교통사고 사망자 수 OECD 회원국 중 2위”“결핵 후진국' 한국, 환자가 급증한 이유는”“수술은 신중해야… 자칫하면 생명 위협”대한민국분류대한민국의 지도대한민국 정부대표 다국어포털대한민국 전자정부대한민국 국회한국방송공사about korea and information korea브리태니커 백과사전(한국편)론리플래닛의 정보(한국편)CIA의 세계 정보(한국편)마리암 부디아 (Mariam Budia),『한국: 하늘이 내린 한 폭의 그림』, 서울: 트랜스라틴 19호 (2012년 3월)대한민국ehehehehehehehehehehehehehehWorldCat132441370n791268020000 0001 2308 81034078029-6026373548cb11863345f(데이터)00573706ge128495

                    Image
                    고조선원삼국 시대삼국 시대남북국 시대후삼국 시대고려조선대한제국일제 강점기대한민국 임시 정부한반도 분단미군정개요제1공화국제2공화국제3공화국제4공화국제5공화국제6공화국4.3 사건6.25 전쟁4.19 혁명5.16 쿠테타한강의 기적부마 항쟁10.26 사태12.12 사태광주 민주화 운동6월 항쟁1988년 서울올림픽IMF 외환...
                    Read more