I have a firewall/router box that runs Slackware. Upgraded the Kernel because of CVE-2010-3081. This broke all of my iptables rules that use hashlimit. Here's one of those rules:
iptables -A INPUT -i eth1 -p tcp --syn --dport 22 -m hashlimit --hashlimit 15/hour --hashlimit-burst 3 --hashlimit-htable-expire 600000 --hashlimit-mode srcip --hashlimit-name ssh -j ACCEPT
As you can see, all I'm trying to do is limit the number if incoming ssh connections to prevent my logs from being cluttered up with brute force attempts. This rule worked just fine on 2.6.30 but no longer works on 220.127.116.11. I get this error message:
iptables: No chain/target/match by that name
I found this site
, which is old, but suggests that the problem is a missing module called xt_tcpudp. This does not seem to be a standalone module for me though. I enabled EVERY Netfilter option while compiling my kernel and have tried it as modules and built right into the kernel. No dice.
Anyone else run into this? I have the feeling that I'm missing something really simple here but can't figure it out for the life for me.