The Puppet Labs Issue Tracker has Moved:

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using See the following page for information on filing tickets with JIRA:

Feature #11100

firewall: Add support for "recent" iptables module

Added by Mohamed Lrhazi over 4 years ago. Updated about 3 years ago.

Status:ClosedStart date:11/30/2011
Priority:NormalDue date:
Assignee:-% Done:


Category:firewallSpent time:-
Target version:-
Keywords: Branch:

We've Moved!

Ticket tracking is now hosted in JIRA:


To allow for rate limiting SSH attampts for example:

/usr/sbin/iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
/usr/sbin/iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent  --update --seconds 60 --hitcount 4 -j DROP


#1 Updated by Jonathan Boyett over 4 years ago

  • Subject changed from Add support for "recent" iptables module to firewall: Add support for "recent" iptables module

#2 Updated by Ken Barber over 4 years ago

  • Status changed from Unreviewed to Accepted

#3 Updated by Daniel Black over 4 years ago

started work here. Don’t know if I’ll get time to get back to it. Happy reading for anyone that wants to continue.

#4 Updated by Ioannis Aslanidis almost 4 years ago

This is required to be able to implement port-knocking with the firewall module, among other things.

#5 Updated by Jack Neely over 3 years ago

We require the recent module to rate limit by IP address connections to the SSH port. I’ve done some additional work that can be found here:

This is in production and appears to work with git head.

Also, the following helped a bunch to get all the bits in place.

#6 Updated by Ken Barber about 3 years ago

  • Status changed from Accepted to Closed

Hiya … I’ve fall behind a bit on all this work, also the bug tracker is moving to here: I’ve managed to move what I still think is relevant and merge up items that are related. Consider this a slight declaration of ‘ticket debt’. If you think you’re issue isn’t represented in the new tracker feel free to open a new one.

Apologies for any confusion :–).


#7 Updated by Ken Barber about 3 years ago

Sorry – the new URL is actually: … thanks @Wolfspyre.

Also available in: Atom PDF