OpenWrt Forum Archive

Topic: iptables REJECT SSH

The content of this topic has been archived on 11 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hey There,

I have a little problem with my OpenWRT-Device (WRT54GL).

I made my own iptables rules and one of them doesn't work on OpenWRT.
The rule should block every hacker who wants to brute force my ssh password.

### Accept ssh (2/min.)
iptables -A INPUT -p tcp -s 10.220.77.0/24 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s 10.100.5.37/32 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m recent --rcheck --seconds 60 --hitcount 4 --name SSH -j DROP
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT

When I execute the script I get the following error message:

iptables v1.3.3: Couldn't load match `recent':File not found

Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.3: Couldn't load match `recent':File not found

Try `iptables -h' or 'iptables --help' for more information.


Can I install or upgrade a package which supports the recent match???
I hope somebody can help me!

Best Regards,
Soul_D!"@§$%

You might need to include the package iptables-mod-conntrack-extra.
The option is at least mentioned in the description of that package:

https://dev.openwrt.org/browser/trunk/p … efile#L103

define Package/iptables-mod-conntrack-extra/description
Extra iptables extensions for connection tracking.
 Matches:
  - connbytes
  - connmark
  - recent
  - helper

 Targets:
  - CONNMARK

In config options it seems to be called kmod-ipt-conntrack-extra.

(Last edited by hnyman on 4 Aug 2011, 14:00)

Thanks for that tip, but now I get this error-message:

iptables: No chain/target/match by that name
iptables: No chain/target/match by that name

It looks like a missing function of the kernel!
Does anybody know a remedy???

Best Regards,
Soul_D!"@§$%

no ideas???
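The two error messages in this thread point at two different missing pieces: "Couldn't load match `recent': File not found" means iptables cannot find the userspace extension library for the match, while "No chain/target/match by that name" means the userspace side is now present but the kernel has no recent match registered. The script below is an added example (not OpenWrt's code and not the original poster's script) that checks both halves before applying the SSH rate-limit rules from the first post. It assumes the usual locations, which are parameters so the checks can be run against constructed files: the kernel's list of registered matches in /proc/net/ip_tables_matches and the extension libraries in /usr/lib/iptables (libxt_recent.so, or libipt_recent.so on older iptables). The package names are the ones named in the thread.

```shell
#!/bin/sh
# Added diagnostic and rule set for SSH brute-force rate limiting with the
# iptables "recent" match. Not OpenWrt's own code and not the poster's script.
# Paths default to the usual locations (assumption) but can be overridden so
# the checks can be exercised against sample files.

# Returns 0 if the kernel lists match $1 in its registered-match file $2
# (default /proc/net/ip_tables_matches, maintained by x_tables).
kernel_has_match() {
    match="$1"
    list="${2:-/proc/net/ip_tables_matches}"
    [ -r "$list" ] && grep -qx "$match" "$list"
}

# Returns 0 if the userspace extension for match $1 exists in lib dir $2
# (default /usr/lib/iptables, assumed location of the iptables extensions).
userspace_has_match() {
    match="$1"
    dir="${2:-/usr/lib/iptables}"
    [ -f "$dir/libxt_$match.so" ] || [ -f "$dir/libipt_$match.so" ]
}

# Prints the rule set for the admin networks in $1 (space separated). Unlike
# the rules in the first post, the DROP rule is restricted to NEW connections,
# so an already established SSH session from an address that has exceeded the
# limit is not cut off; only new connection attempts are refused.
ssh_rules() {
    admin_nets="$1"
    for net in $admin_nets; do
        echo "iptables -A INPUT -p tcp -s $net --dport 22 -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 4 --name SSH -j DROP"
    echo "iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT"
}

# Diagnose first, then apply the rules only when both halves are present.
# Return codes: 1 = userspace extension missing, 2 = kernel match missing.
apply_ssh_rules() {
    if ! userspace_has_match recent; then
        echo "recent: userspace extension missing (opkg install iptables-mod-conntrack-extra)" >&2
        return 1
    fi
    if ! kernel_has_match recent; then
        echo "recent: kernel match not registered (opkg install kmod-ipt-conntrack-extra, then load the module: insmod xt_recent, or ipt_recent on older kernels)" >&2
        return 2
    fi
    ssh_rules "10.220.77.0/24 10.100.5.37/32" | sh
}

# Only act when invoked as "sh ssh_ratelimit.sh apply"; otherwise the
# functions above can be sourced and called individually.
case "${1:-}" in
    apply) apply_ssh_rules ;;
esac
```

Usage on the router: `sh ssh_ratelimit.sh apply`. If it reports the kernel match as missing right after installing the kmod package, the module simply is not loaded yet; once it is, `recent` appears in /proc/net/ip_tables_matches and the rules go in. Recorded hits can be inspected in /proc/net/xt_recent/SSH (or /proc/net/ipt_recent/SSH on older kernels), which is also the place to look when debugging why a legitimate address is being refused.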
