Iptables hitcount instantly blocks ssh

mx flag

Need some help with iptables. I always used to have a VPS with a public IPv4 address, and I used these rules in iptables to block SSH connections that tried to connect too many times:
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 180 --hitcount 3 --name DEFAULT --mask 255.255.255.255 --rsource -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

INPUT by default used to be set to BLOCK. Before anyone says I should not use the default port 22 for SSH: I don't... this is only for demonstration purposes. And yes, I don't use root login, and I use SSH keys. Now I have a NAT VPS that has a limited number of open ports that you can use, and if I try to use these rules I can no longer SSH to the VPS. All the other rules work fine except for these. I saved the default iptables rules; maybe someone can tell me why using the above rules on this VPS instantly blocks the connection to SSH.

# Generated by iptables-save v1.4.21 on Fri Nov  5 22:58:56 2021
*raw
:PREROUTING ACCEPT [284:27162]
:OUTPUT ACCEPT [235:31044]
COMMIT
# Completed on Fri Nov  5 22:58:56 2021
# Generated by iptables-save v1.4.21 on Fri Nov  5 22:58:56 2021
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Fri Nov  5 22:58:56 2021
# Generated by iptables-save v1.4.21 on Fri Nov  5 22:58:56 2021
*security
:INPUT ACCEPT [284:27162]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [235:31044]
COMMIT
# Completed on Fri Nov  5 22:58:56 2021
# Generated by iptables-save v1.4.21 on Fri Nov  5 22:58:56 2021
*mangle
:PREROUTING ACCEPT [284:27162]
:INPUT ACCEPT [284:27162]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [235:31044]
:POSTROUTING ACCEPT [235:31044]
COMMIT
# Completed on Fri Nov  5 22:58:56 2021
# Generated by iptables-save v1.4.21 on Fri Nov  5 22:58:56 2021
*filter
:INPUT ACCEPT [284:27162]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [235:31044]
COMMIT
# Completed on Fri Nov  5 22:58:56 2021
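To reason about what the three rules in the question actually do to a sequence of connection attempts, here is an offline model of the `recent` match (xt_recent) with `--set` and `--update --seconds 180 --hitcount 3`, walked through the question's rule order. This is an added example, not code from the original post; the per-address timestamp list, the hit counting and the "a matching `--update` also refreshes the entry" behaviour follow the kernel's xt_recent logic as I understand it, every address and timeline below is constructed sample data, and the "all clients seen as one address" scenario is a hypothetical, not a diagnosis of the asker's NAT VPS.

```python
"""Offline model of iptables' xt_recent match as used in the question's
INPUT chain for new SSH connections (example code, not from the post).

Rule 1: -m recent --update --seconds 180 --hitcount 3 -j DROP
Rule 2: -m recent --set            (no target: packet continues)
Rule 3: -j ACCEPT
"""
from collections import defaultdict, deque

SECONDS = 180      # --seconds 180
HITCOUNT = 3       # --hitcount 3
LIST_TOT = 20      # xt_recent default ip_pkt_list_tot: stamps kept per address


class RecentTable:
    """One named list (--name DEFAULT), keyed by source address (--rsource)."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=LIST_TOT))

    def _hits(self, src, now):
        # Stamps older than --seconds are skipped but not removed (no --reap).
        return sum(1 for t in self.stamps[src] if now - t <= SECONDS)

    def set(self, src, now):
        """--set: record a stamp for src and match."""
        self.stamps[src].append(now)
        return True

    def update(self, src, now):
        """--update --seconds --hitcount: match if src already has HITCOUNT
        stamps inside the window; a match also adds a fresh stamp, so a
        client that keeps retrying keeps extending its own block."""
        if src not in self.stamps:
            return False
        if self._hits(src, now) >= HITCOUNT:
            self.stamps[src].append(now)
            return True
        return False


def ssh_chain(table, src, now):
    """Verdict for one NEW SYN to port 22 under the question's three rules."""
    if table.update(src, now):   # rule 1 matched -> DROP
        return "DROP"
    table.set(src, now)          # rule 2: count this attempt
    return "ACCEPT"              # rule 3


def run(connections):
    """connections: list of (time_in_seconds, source_ip). Returns the verdicts."""
    table = RecentTable()
    return [ssh_chain(table, src, t) for t, src in connections]


# --- constructed sample timelines (not captured traffic) -------------------
ADMIN = "203.0.113.10"     # constructed address
OTHER = "198.51.100.7"     # constructed address
SHARED = "192.0.2.1"       # constructed: one address everything appears to come from

# One client connects every 30 s, then waits; the 4th NEW connection inside
# 180 s is dropped, and after 180 s of silence it is accepted again.
SAME_CLIENT = [(0, ADMIN), (30, ADMIN), (60, ADMIN), (90, ADMIN), (300, ADMIN)]

# Same client, but it keeps retrying every 30 s after being dropped: each
# dropped attempt refreshes the entry, so it never gets back in.
RETRYING_CLIENT = [(t, ADMIN) for t in range(0, 301, 30)]

# Two independent source addresses: OTHER's attempts do not count against ADMIN.
TWO_CLIENTS = [(0, ADMIN), (10, OTHER), (20, OTHER), (30, OTHER), (40, OTHER), (50, ADMIN)]

# Hypothetical: the same timeline where every packet is seen from one address
# (e.g. if all clients sat behind a single translating gateway). Now the first
# client's second connection at t=50 is dropped because of someone else's hits.
ONE_ADDRESS = [(t, SHARED) for t, _ in TWO_CLIENTS]

if __name__ == "__main__":
    for name, timeline in [("same client", SAME_CLIENT), ("retrying", RETRYING_CLIENT),
                           ("two clients", TWO_CLIENTS), ("one address", ONE_ADDRESS)]:
        print(f"{name:12s} {run(timeline)}")
```

The model counts every packet handed to it as `--state NEW`; on a real box a SYN retransmitted before the SYN-ACK arrives is also conntrack-NEW, so a lossy handshake can consume hits on its own. Replacing `-m state --state NEW` with `-m conntrack --ctstate NEW` changes nothing in this counting.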
Zareh Kasparian
us flag
Use fail2ban with an SSH jail configured.
Ginnungagap
gu flag
Also, `-m state` is long dead, use `-m conntrack` with `--ctstate`. Or use nftables since iptables itself is deprecated ;)
mx flag
Hey @Ginnungagap, thanks for the answer, will try, though I feel like it might still not work... Btw, this is on CentOS 7.