I just upgraded to Shorewall 4.0.6 from 3.2.1. I am using the shorewall-perl compiler.
With my old config I had the following in my rules file:

    # forward FTP traffic to the FTP server
    FTP/DNAT-                 inet    loc:192.168.1.50
    # slow down Brute Force attacks. Limit the number
    # of connections per minute that can occur.
    Limit:ULOG:FTPBFA,4,120   inet    loc:192.168.1.50    tcp    21    -    $ETH2_IP

I now get this error when running 'shorewall restart':

    ERROR: Limit rules require Recent Match in your kernel and iptables

If I run 'shorewall show capabilities' I receive the following:

    Recent Match: Not available

Here is the output from 'lsmod':

    sudo lsmod | grep recent
    ipt_recent             11608  0
    ip_tables              22720  46 iptable_raw,ipt_ULOG,ipt_ttl,ipt_TOS,ipt_tos,ipt_TCPMSS,ipt_tcpmss,ipt_sctp,ipt_SAME,ipt_REDIRECT,ipt_recent,ipt_realm,ipt_pkttype,ipt_physdev,ipt_owner,ipt_NOTRACK,ipt_NETMAP,ipt_multiport,ipt_MASQUERADE,ipt_MARK,ipt_mark,ipt_mac,ipt_LOG,ipt_limit,ipt_length,ipt_iprange,ipt_helper,ipt_hashlimit,ipt_esp,ipt_ECN,ipt_ecn,ipt_DSCP,ipt_dscp,ipt_conntrack,ipt_CONNMARK,ipt_connmark,ipt_comment,ipt_CLUSTERIP,ipt_CLASSIFY,ipt_ah,ipt_addrtype,iptable_nat,iptable_mangle,ipt_REJECT,ipt_state,iptable_filter

I assume ipt_recent is the module for Recent Match support??

My iptables version is iptables v1.3.5 and my kernel is 2.6.13.4 (compiled from source).

Is ipt_recent the correct module for Recent Match support? Do I not have something enabled in iptables? I am re-reading the port knocking docs with the shorewall-shell stuff but I have not wrapped my head around everything. I am looking for some advice on where I should be looking to nail down this error.

Thanks.
