Welcome, Guest

Author Topic: iptables anti bruteforce need iptables-mod-conntrack-extra  (Read 2571 times)

davidedp

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
iptables anti bruteforce need iptables-mod-conntrack-extra
« on: April 08, 2016, 11:41:01 AM »
Hi,
I was trying to write some rules for anti brute force attacks.
I began with:

iptables -N HTTPCON
iptables -A INPUT -m tcp -p tcp --dport 22 -m state --state NEW -j HTTPCON
iptables -A HTTPCON -m recent --set --name NUM --rsource


after the last iptables I get this error:

iptables v1.4.21: Couldn't load match `recent':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.


Then I found  here https://forum.openwrt.org/viewtopic.php?id=52608 that I may need to install the  iptables-mod-conntrack-extra packet. But whenever I try to install a packet that contains the "-recent" module for iptables I get the following error:

Installing iptables-mod-conntrack-extra (1.4.21-1) to root...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05-rc3/ramips/rt305x/packages/base/iptables-mod-conntrack-extra_1.4.21-1_ramips_24kec.ipk.
Multiple packages (kmod-ipt-core and kmod-ipt-core) providing same name marked HOLD or PREFER. Using latest.
Multiple packages (kmod-ipt-conntrack and kmod-ipt-conntrack) providing same name marked HOLD or PREFER. Using latest.
Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for iptables-mod-conntrack-extra:
 *    kernel (= 3.18.17-1-73d2b013e81727fe0664fd1b78bd291e) *
 * opkg_install_cmd: Cannot install package iptables-mod-conntrack-extra.



Do you have any suggestion?



LubOlimex

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1906
  • Karma: +48/-2
Re: iptables anti bruteforce need iptables-mod-conntrack-extra
« Reply #1 on: April 08, 2016, 01:44:57 PM »
Hello there,

Here: https://github.com/OLIMEX/OLINUXINO/issues/34

"
You cannot install kernel modules from openwrt repositories with our image. Even the kernel version match, the kernel magic won't. The solution is either build kernel with the modules that you need or you can use image from OpenWRT team..
"

Refer to the wiki article of the board for more information on how to upload a ready image or how to build the kernel. Here: https://www.olimex.com/wiki/RT5350F-OLinuXino

Best regards,
Lub/OLIMEX
Technical support and documentation manager at Olimex