Ping a Specific Port

Question

sunknudsen

Asked: 2021-04-20 06:48:26 +0800 CST2021-04-20 06:48:26 +0800 CST 2021-04-20 06:48:26 +0800 CST

How to reset iptables rate limit counter?

772

I implemented SSH connection rate limiting using the following.

iptables -N SSH_BRUTE_FORCE_MITIGATION
iptables -A SSH_BRUTE_FORCE_MITIGATION -m recent --name SSH --set
iptables -A SSH_BRUTE_FORCE_MITIGATION -m recent --name SSH --update --seconds 300 --hitcount 10 -m limit --limit 1/second --limit-burst 100 -j LOG --log-prefix "iptables[ssh-brute-force]: "
iptables -A SSH_BRUTE_FORCE_MITIGATION -m recent --name SSH --update --seconds 300 --hitcount 10 -j DROP
iptables -A SSH_BRUTE_FORCE_MITIGATION -j ACCEPT

How can I reset rate limit counter?

Edit: tried sudo iptables -Z, but following error is thrown.

$ sudo iptables -Z
[sudo] password for pi:
iptables v1.8.2 (nf_tables):  RULE_REPLACE failed (Invalid argument): rule in chain INPUT

1 Answers

Voted

anx · Answer 1 · 2021-04-20T12:49:13+08:00

To reset the -m recent --name SSH data:

echo / | sudo tee /proc/net/xt_recent/SSH

From man 8 iptables-extensions, section "recent":

/proc/net/xt_recent/* are the current lists of addresses
 and information about each entry of each list.

Each file in /proc/net/xt_recent/ can be read from to see
 the current list or written two using the following commands to modify the list:

echo +addr >/proc/net/xt_recent/DEFAULT
    to add addr to the DEFAULT list 
echo -addr >/proc/net/xt_recent/DEFAULT
    to remove addr from the DEFAULT list 
echo / >/proc/net/xt_recent/DEFAULT
    to flush the DEFAULT list (remove all entries).

This is not the same as the per-rule packet/byte counters which can be cleared with iptables -Z.
This is also not the same as the -m limit (which you are using for rate-limiting the logging) or -m hashlimit counters. Those do not offer such proc interface. Possible workarounds:

unloading the module xt_recent/xt_limit/xt_hashlimit will discard the respective associated data
- only possible while no rules are currently using it
- needs to be built as a module - unloading builtins is not supported
changing the rules to use a different --name/--hashlimit-name (appending a number will do)
- not an atomic transaction
- depending on order of replacement, can momentarily mean in unexpected behaviour

How to reset iptables rate limit counter?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?