I'm trying to convert some iptables rules to nftables. I want to make a rule that blocks a connection if there are more than 4 attempts in a 30-second time span.
My original iptables rules are:
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 --rttl --name SSH -j DROP
How can I do the same (or equivalent) in nftables?
I tried for months and could not find an exact match, but I have a workaround.
For a fresh state, around 5 connections will be accepted for any new IP. If the
limit rate is hit, a new IP (not in sshlist) has 2 chances. For any IP in sshlist, only one chance is left. And for any IP in denylist, any new connection will be rejected, until it is deleted from the denylist by its 5 minute timeout.
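As an added example (not the answerer's own ruleset), the two-set scheme described above can be written as a ruleset loaded with nft -f: a dynamic set with a per-source token bucket stands in for the iptables "recent" match, and a second timed set holds the locked-out sources. The set names, the 8/minute bucket with a burst of 4 (an approximation of "more than 4 new connections in 30 seconds"; nftables has no sliding window and nothing equivalent to --rttl) and the 5 minute lockout are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example, not from the original post: approximate the iptables
# "recent --seconds 30 --hitcount 4" rules with two dynamic sets.
flush table inet ssh_guard
table inet ssh_guard {
    # Sources currently locked out; each entry expires 5 minutes after it was added.
    set denylist {
        type ipv4_addr
        flags dynamic,timeout
        timeout 5m
    }
    # One token bucket per source: 4 new SSH connections pass immediately,
    # then one more every 7.5 s (8/minute). "over" fires once the bucket is empty.
    # Entries that see no new attempts for 30 s are discarded.
    set sshlist {
        type ipv4_addr
        flags dynamic,timeout
        timeout 30s
    }
    chain input {
        type filter hook input priority 0; policy accept;
        ct state established,related accept
        # Anything from a locked-out source is dropped until its entry times out.
        ip saddr @denylist counter drop
        # New SSH connection: charge it to the source's bucket; when the rate is
        # exceeded, put the source on the denylist and drop this packet.
        tcp dport 22 ct state new update @sshlist { ip saddr limit rate over 8/minute burst 4 packets } add @denylist { ip saddr } counter drop
        tcp dport 22 ct state new counter accept
    }
}
```

Inspect the live state with nft list set inet ssh_guard denylist; the counters on the drop rules make lockouts visible without extra logging.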