
Migrating iptables "recent" module to nftables


I'm looking for some help migrating some old iptables rules onto a system that is only using nftables.

iptables rules:

iptables -A INPUT -p tcp -m tcp --dport 22 -m recent --update --seconds 30 --hitcount 10 --name test --mask 255.255.255.255 --rsource -j DROP
iptables -A INPUT -p tcp -m tcp --dport 22 -m recent --set --name test --mask 255.255.255.255 --rsource

The nftables wiki suggests using Sets; however, I can't see how to apply --hitcount 10. The goal for this rule is to block SSH traffic per source address after 10 connections in a 30 second period.

Lobz
Please see a very similar thread: https://stackoverflow.com/questions/67765358/nftables-rate-limiting-per-multiple-seconds
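The following ruleset is an added example, not something from the question or from the linked thread, showing one way to express the same intent in native nftables: a dynamic set with a per-source limit detects the burst, and offenders are parked in a second, timed set that is refreshed on every further attempt (the equivalent of --update --seconds 30 --rsource). The table, set and chain names, the IPv4-only key type and the drop policy on the input chain are all my own assumptions.

```nft
#!/usr/sbin/nft -f
# Added example ruleset (not from the question or the linked thread).
# Assumptions: IPv4 only, no other firewall on the host, and the names
# "filter", "ssh_blocklist", "ssh_meter" and "input" are arbitrary choices.
# Load with:    nft -f ssh-ratelimit.nft
# Inspect with: nft list set inet filter ssh_blocklist

table inet filter {
    # Sources that exceeded the limit. Each entry expires 30 s after it was
    # last refreshed, which mirrors "--update --seconds 30" in the iptables rule.
    set ssh_blocklist {
        type ipv4_addr
        flags dynamic,timeout
        timeout 30s
    }

    # Per-source rate state for new SSH connections. The limit attached to each
    # element is a token bucket, so "10 connections in 30 s" is approximated as
    # a sustained 20/minute with a burst of 10 (nft rates are per second, minute,
    # hour or day; there is no "per 30 s" unit). Entries are garbage-collected
    # after one minute.
    set ssh_meter {
        type ipv4_addr
        flags dynamic,timeout
        timeout 1m
        size 65535
    }

    chain input {
        type filter hook input priority 0; policy drop;

        iif lo accept
        ct state established,related accept
        ct state invalid drop

        # Already blocked: refresh the 30 s timer and drop
        # (the nftables counterpart of "--update --rsource -j DROP").
        tcp dport 22 ip saddr @ssh_blocklist update @ssh_blocklist { ip saddr } drop

        # Count this new connection against the source. Once the source is over
        # the rate, put it on the blocklist and drop the packet.
        tcp dport 22 ct state new add @ssh_meter { ip saddr limit rate over 20/minute burst 10 packets } add @ssh_blocklist { ip saddr } drop

        # Under the limit: let the connection through.
        tcp dport 22 ct state new accept
    }
}
```

Two points worth noting when adapting this. First, the nftables limit is a token bucket rather than the hit counter the recent module keeps, so the rate and burst values above approximate "10 in 30 seconds" and should be tuned to the traffic you expect. Second, the rules match only `ct state new`, so only connection attempts count toward the limit; the iptables rules as posted have no --syn or state match and therefore count every inbound TCP packet to port 22, including packets of an already established session.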

