The /etc/sysconfig/iptables that iptables-save creates is wrong.

[Photo: 2014-08-23 10.41.02. Note: the photo is unrelated to the text.]


Old iptables (maybe only when the recent match is used)

# rpm -qa |grep iptables
iptables-1.2.7a-0vl3
# cat /etc/vine-release
Vine Linux 2.6r4 (La Fleur de Bouard)

After /etc/init.d/iptables save, a restart does this:

# /etc/init.d/iptables restart
現在のすべてのルールとユーザ定義チェインを初期化中: [ OK ]
現在のすべてのルールとユーザ定義チェインを破棄中: [ OK ]
iptablesファイアウォールルールを適用中: [ OK ]
Bad argument `recent:'
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[失敗]
# LANG=C /etc/init.d/iptables restart
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying iptables firewall rules: [ OK ]
Bad argument `recent:'
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]

It fails with an error like this.
The seconds and hit_count part of the recent match in the generated /etc/sysconfig/iptables was wrong, so I fixed it by hand.
After the fix it looks like this.

# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.2.7a on Mon Aug 25 13:25:54 2014
*mangle
:PREROUTING ACCEPT [3285:285701]
:INPUT ACCEPT [3285:285701]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2997:3037036]
:POSTROUTING ACCEPT [2997:3037036]
COMMIT
# Completed on Mon Aug 25 13:25:54 2014
# Generated by iptables-save v1.2.7a on Mon Aug 25 13:25:54 2014
*nat
:PREROUTING ACCEPT [191:20311]
:POSTROUTING ACCEPT [2:144]
:OUTPUT ACCEPT [2:144]
COMMIT
# Completed on Mon Aug 25 13:25:54 2014
# Generated by iptables-save v1.2.7a on Mon Aug 25 13:25:54 2014
*filter
:INPUT ACCEPT [4548:396382]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4024:3991116]
:SSH-LOGDROP - [0:0]
#[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent recent: seconds: 1701970164 hit_count: 1953391971 name: side: source -j SSH-LOGDROP
#[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent recent: seconds: 1701970164 hit_count: 1953391971 name: side: source
[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name sshattack --rsource -j SSH-LOGDROP
[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name sshattack --rsource
[0:0] -A SSH-LOGDROP -j LOG --log-prefix "SSH attack: "
[0:0] -A SSH-LOGDROP -j DROP
COMMIT
# Completed on Mon Aug 25 13:25:54 2014

It tells me "you are using iptables-restore wrong!", but it is iptables-save that got it wrong…
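The failure above is easy to miss until the next restart, when the firewall comes up without the SSH rate-limit rules. As an added example (not code from the post), the small checker below parses the options that follow "-m recent" in a saved rules file the same way iptables-restore would have to, and reports any line carrying the malformed "recent: seconds: ... hit_count: ..." text instead of real options. The two sample files are constructed: BAD_SAVE reproduces the broken output shown above, FIXED_SAVE the hand-corrected rules.

```python
import shlex

# Constructed samples (not taken from a live system). BAD_SAVE reproduces the
# malformed "-m recent" serialization iptables-save 1.2.7a wrote; FIXED_SAVE is
# the hand-corrected form of the same two rules.
BAD_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
:SSH-LOGDROP - [0:0]
[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent recent: seconds: 1701970164 hit_count: 1953391971 name: side: source -j SSH-LOGDROP
[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent recent: seconds: 1701970164 hit_count: 1953391971 name: side: source
[0:0] -A SSH-LOGDROP -j LOG --log-prefix "SSH attack: "
[0:0] -A SSH-LOGDROP -j DROP
COMMIT
"""

FIXED_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
:SSH-LOGDROP - [0:0]
[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name sshattack --rsource -j SSH-LOGDROP
[0:0] -A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name sshattack --rsource
[0:0] -A SSH-LOGDROP -j LOG --log-prefix "SSH attack: "
[0:0] -A SSH-LOGDROP -j DROP
COMMIT
"""

# Options accepted after "-m recent"; the value is True when the option takes an argument.
RECENT_FLAGS = {"--set": False, "--update": False, "--rcheck": False, "--remove": False,
                "--seconds": True, "--hitcount": True, "--name": True,
                "--rsource": False, "--rdest": False, "--rttl": False}
MODE_FLAGS = ("set", "update", "rcheck", "remove")


def recent_options(rule):
    """Parse the options that follow '-m recent' in one saved rule line.

    Returns None when the rule has no recent match, a dict of options when they
    parse, and raises ValueError naming the first token that is not a valid
    recent option (the 'recent:' text from the broken iptables-save trips here).
    """
    tokens = shlex.split(rule)
    try:
        start = next(i for i in range(len(tokens) - 1)
                     if tokens[i] == "-m" and tokens[i + 1] == "recent") + 2
    except StopIteration:
        return None
    opts = {}
    i = start
    # The recent options end at the next match (-m) or target (-j / -g).
    while i < len(tokens) and tokens[i] not in ("-m", "-j", "-g"):
        tok = tokens[i]
        if tok not in RECENT_FLAGS:
            raise ValueError("unexpected token %r after -m recent" % tok)
        key = tok[2:]
        if RECENT_FLAGS[tok]:
            if i + 1 >= len(tokens):
                raise ValueError("%s needs a value" % tok)
            val = tokens[i + 1]
            opts[key] = int(val) if key in ("seconds", "hitcount") else val
            i += 2
        else:
            opts[key] = True
            i += 1
    if len([m for m in MODE_FLAGS if m in opts]) != 1:
        raise ValueError("recent match needs exactly one of --set/--update/--rcheck/--remove")
    return opts


def lint_saved_rules(text):
    """Return (line_number, message) for each rule whose recent match will not restore."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#*:" or line == "COMMIT":
            continue  # comments, table headers, chain policies
        try:
            recent_options(line)
        except ValueError as e:
            problems.append((n, str(e)))
    return problems


if __name__ == "__main__":
    for label, text in (("BAD_SAVE", BAD_SAVE), ("FIXED_SAVE", FIXED_SAVE)):
        for n, msg in lint_saved_rules(text) or [(None, "ok")]:
            print("%s line %s: %s" % (label, n, msg))
```

Run it against the real file (for example by reading /etc/sysconfig/iptables into lint_saved_rules) before restarting the service; a non-empty result means the saved file needs the same manual repair described above, since the broken output carries garbage numbers and no usable --seconds/--hitcount values to recover the rule from.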