Iptables issue - table does not exist? [SOLVED]

I am trying to create a few simple rules to cut down on the number of SSH bruteforce attempts and am having issues. After I create the rules I am attempting to use "iptables –list" to make sure they are there/correct, but am receiving the following.

$ iptables --list
iptables v1.3.8: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

I probably overlooked something easy, but still can't get it :S

14 Replies

use a different port. The second I changed my port to something other then 22 all that activity stopped.

I would also suggest knockd if u really wanna hide your sshd.

edit: I think the error is because u have yet to save the rules file. You create the rules file, but until u save it and restart daemon nothing will happen. What distro are u using?? In arch the command is /etc/rc.d/iptables save

my bad, I always like to leave links to the info I use… arch wiki is one to none if u ask me.

http://wiki.archlinux.org/index.php/Sim … ith_knockd">http://wiki.archlinux.org/index.php/SimplestatefulfirewallHOWTO#Workingwith_knockd

I am using Ubuntu Hardy. Thanks for the info on knockd will check it out.

My preferred solution is the relatively new "recent" feature in iptables. It can block any new SSH attempt from an IP which has made 3 in the previous five minutes. It really puts the brakes on the brute force attacks.

iptables -N SSHSCAN
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN
iptables -A SSHSCAN -m recent --set --name SSH
iptables -A SSHSCAN -m recent --update --seconds 300 --hitcount 3 --name SSH -j DROP

See ~~[http://www.ducea.com/2006/06/28/using-iptables-to-block-brute-force-attacks/" target="_blank">](http://www.ducea.com/2006/06/28/using-i … e-attacks/">http://www.ducea.com/2006/06/28/using-iptables-to-block-brute-force-attacks/](

You probably want to whitelist your own home IP first.

Thanks Xan, problem is I can enter the rules, but can't list them and it doesn't appear to be working, though I really don't want to lock myself out to test. :?

@treybrown:

I really don't want to lock myself out to test. :?

Just use the console from your members login if you do. Don't underestimate the power of the console. I don't even run sshd.

@treybrown:

I am trying to create a few simple rules to cut down on the number of SSH bruteforce attempts and am having issues. After I create the rules I am attempting to use "iptables –list" to make sure they are there/correct, but am receiving the following.

$ iptables --list
iptables v1.3.8: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

I probably overlooked something easy, but still can't get it :S

are you root?

That message usually means that the appropriate iptables modules haven't been loaded…but Linode kernels have these built in. But even weirder, it seems that you should have gotten errors while creating the rules, not just when listing. I just tried this at home, and just running 'iptables --list" caused the modules to load…Hmmmm. Is your linode Xen or UML?

@jacko:

You create the rules file, but until u save it and restart daemon nothing will happen.

Would it be more consistent to write:

U create the rules file, but until u save it…

than to mix "you" and "u"?

James

@mwalling:

are you root?

:oops: OK, wow…I can't imagine why I didn't do this as root :oops:

Thanks for all the help everyone.

@kangaby:

Don't underestimate the power of the console. I don't even run sshd.

I never thought of that. Just don't run sshd and use the website to login. If i wanted to use putty, i could login to turn sshd on.

Are the any perceived downsides to that? The only one i can think of is if i didn't have a browser available.

You don't even need to use the website; you can ssh directly to the console; eg if you are on host72 then "ssh host72.linode.com -l yourlinodeusername" (or use putty or whatever) will get you direct access to the lish interface, which connects you to the console port.

@chacham:

The only one i can think of is if i didn.t have a browser available.
I use Putty to connect directly to the lish console on the host of my Linode. (Members area has details on how to do this for your account)

Sometimes it will slowdown, when the host is doing lots of stuff I guess, but other than that, it works a treat.

I've only ever used the Ajax console once from work, where putty (ssh) is blocked by our firewall, and that worked as well.

Wow, thanx for the great idea.

I just installed fail2ban, to see how that works out. I may just use this idea instead.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct