The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Feature #11100

firewall: Add support for "recent" iptables module

Added by Mohamed Lrhazi over 2 years ago. Updated about 1 year ago.

Status: Closed
Start date: 11/30/2011
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: firewall
Spent time: -
Target version: -
Keywords:
Branch:



Description

To allow for rate limiting SSH attempts, for example:

/usr/sbin/iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
/usr/sbin/iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
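A Puppet rendering of the two rules above, added here as an example and not code from this ticket or its authors: it uses the recent-related parameters (recent, rname, rsource, rseconds, rhitcount) that released versions of puppetlabs-firewall expose, which this feature request predates. The numeric title prefixes give the rule order that iptables would otherwise get from -I.

```puppet
# Rate-limit new SSH connections per source address with the iptables
# "recent" match. Both rules only see NEW connections on eth0, so
# established sessions are never counted or dropped.

# Rule 1: record every new SSH connection attempt in a named list,
# keyed by source address ("--set --name SSH --rsource").
firewall { '100 ssh: record new connection attempts':
  chain   => 'INPUT',
  proto   => 'tcp',
  dport   => 22,
  iniface => 'eth0',
  state   => 'NEW',
  recent  => 'set',
  rname   => 'SSH',
  rsource => true,
}

# Rule 2: drop the source once it has made 4 or more attempts within
# the last 60 seconds ("--update --seconds 60 --hitcount 4"). Because
# rule 1 runs first, the fourth attempt in any 60-second window is the
# first one dropped; --update refreshes the entry on each match, so a
# source that keeps retrying stays blocked until it backs off.
firewall { '101 ssh: drop sources with too many attempts':
  chain     => 'INPUT',
  proto     => 'tcp',
  dport     => 22,
  iniface   => 'eth0',
  state     => 'NEW',
  recent    => 'update',
  rname     => 'SSH',
  rsource   => true,
  rseconds  => 60,
  rhitcount => 4,
  jump      => 'DROP',
}
```

After applying, `cat /proc/net/xt_recent/SSH` lists the tracked source addresses and their timestamps, which is the quickest way to confirm the list is being populated.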

History

#1 Updated by Jonathan Boyett over 2 years ago

  • Subject changed from Add support for "recent" iptables module to firewall: Add support for "recent" iptables module

#2 Updated by Ken Barber over 2 years ago

  • Status changed from Unreviewed to Accepted

#3 Updated by Daniel Black about 2 years ago

Started work here. Don’t know if I’ll get time to get back to it. Happy reading for anyone that wants to continue.

#4 Updated by Ioannis Aslanidis almost 2 years ago

This is required to be able to implement port-knocking with the firewall module, among other things.

#5 Updated by Jack Neely over 1 year ago

We require the recent module to rate limit by IP address connections to the SSH port. I’ve done some additional work that can be found here:

https://github.com/jjneely/puppetlabs-firewall/tree/recent

This is in production and appears to work with git head.

Also, the following helped a bunch to get all the bits in place.

http://thomas.apestaart.org/log/?p=1445

#6 Updated by Ken Barber about 1 year ago

  • Status changed from Accepted to Closed

Hiya … I’ve fallen behind a bit on all this work. Also, the bug tracker is moving to here: https://github.com/puppetlabs/puppet-firewall/issues. I’ve managed to move what I still think is relevant and merge up items that are related. Consider this a slight declaration of ‘ticket debt’. If you think your issue isn’t represented in the new tracker, feel free to open a new one.

Apologies for any confusion :-).

Ken.

#7 Updated by Ken Barber about 1 year ago

Sorry – the new URL is actually: http://github.com/puppetlabs/puppetlabs-firewall/issues … thanks @Wolfspyre.
