I'm trying to implement a simple defense against SSH brute-force attacks.

iptables -N SSH_Brute_Force
iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource -j SSH_Brute_Force
iptables -A SSH_Brute_Force -m recent ! --rcheck --seconds 60 --hitcount 2 --name SSH --rsource -j RETURN
iptables -A SSH_Brute_Force -p tcp -j DROP

This should allow only 1 SYN in 60 seconds to port 22, and it works perfectly on the host, but not in a container. Both are CentOS 5.2, fully patched, kernel 2.6.18-92.1.1.el5.028stab057.2PAE.

In the syslog I see:

Oct 14 11:06:41 xxx modprobe: FATAL: Could not load /lib/modules/2.6.18-92.1.1.el5.028stab057.2PAE/modules.dep: No such file or directory

Looks like it's trying to load something, but shouldn't it use a module in the host kernel instead? Any ideas?

_______________________________________________
Users mailing list
[email protected]
https://openvz.org/mailman/listinfo/users
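The ruleset above is easier to reason about when the "recent" match is modelled directly: the INPUT rule's --set records a timestamp for the source on every new SYN, and the chain's "! --rcheck --seconds 60 --hitcount 2" only lets the packet through when fewer than two of those timestamps fall inside the last 60 seconds. The following simulator is an added example written for this page, not code from the post or from the netfilter project; it replays constructed SYN arrivals through a minimal model of the ipt_recent list (the per-address timestamp cap of 20 is the module's default ip_pkt_list_tot, and window-boundary comparison is approximate). It shows that a source which keeps retrying inside the window stays blocked, because each retry is itself recorded by --set, while a source that waits out the window is admitted again. It says nothing about the module-loading failure inside the container that the post asks about; it only documents what the rules do where the match works.

```python
"""Model of the iptables 'recent' match as used by the SSH_Brute_Force chain."""
from collections import defaultdict, deque

# Parameters taken from the ruleset in the post.
WINDOW_SECONDS = 60
HITCOUNT = 2
# ipt_recent stores at most ip_pkt_list_tot timestamps per address (default 20).
MAX_STAMPS = 20


class RecentList:
    """One named recent list (--name SSH --rsource), keyed by source address."""

    def __init__(self, max_stamps=MAX_STAMPS):
        self.max_stamps = max_stamps
        self.stamps = defaultdict(deque)

    def set(self, src, now):
        """--set: add the address if missing and record this packet's time."""
        q = self.stamps[src]
        q.append(now)
        while len(q) > self.max_stamps:
            q.popleft()  # oldest timestamp falls off, as in the kernel list

    def rcheck(self, src, now, seconds, hitcount):
        """--rcheck --seconds S --hitcount N: true when the address is listed and
        at least N of its stored timestamps lie within the last S seconds.
        Unlike --update, --rcheck does not modify the list."""
        if src not in self.stamps:
            return False
        in_window = [t for t in self.stamps[src] if now - t <= seconds]
        return len(in_window) >= hitcount


def ssh_brute_force_decision(recent, src, now):
    """Walk one new SYN to port 22 through the two rules from the post:
      INPUT:            -m recent --set --name SSH --rsource -j SSH_Brute_Force
      SSH_Brute_Force:  -m recent ! --rcheck --seconds 60 --hitcount 2 -j RETURN
                        -p tcp -j DROP
    Returns "ACCEPT" (the chain RETURNs) or "DROP"."""
    recent.set(src, now)  # --set runs before the jump, so this SYN counts too
    if not recent.rcheck(src, now, WINDOW_SECONDS, HITCOUNT):
        return "ACCEPT"
    return "DROP"


def run(syns):
    """syns: (seconds, source) pairs for new SYNs, in time order.
    Returns (seconds, source, verdict) triples."""
    recent = RecentList()
    return [(t, src, ssh_brute_force_decision(recent, src, t)) for t, src in syns]


if __name__ == "__main__":
    # Constructed sample: 10.0.0.5 retries after 10 s (blocked) and again after
    # 90 s of silence (admitted); 10.0.0.9 waits 65 s between attempts.
    sample = [(0, "10.0.0.5"), (10, "10.0.0.5"), (30, "10.0.0.9"),
              (95, "10.0.0.9"), (100, "10.0.0.5")]
    for t, src, verdict in run(sample):
        print(f"t={t:>3}s {src:<10} {verdict}")
    # Constructed sample: a client hammering every 30 s never gets back in,
    # because every dropped SYN refreshes its entry via --set.
    for t, src, verdict in run([(0, "10.0.0.7"), (30, "10.0.0.7"),
                                (60, "10.0.0.7"), (90, "10.0.0.7")]):
        print(f"t={t:>3}s {src:<10} {verdict}")
```

On a kernel where the match loads, the same state can be read back from the list file the module exposes (/proc/net/ipt_recent/SSH on 2.6.18-era kernels), which is the quickest way to confirm that --set is actually recording sources before looking at the rule logic.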
