[Solved] CentOS 5.10 - xt_recent missing?

Support for security such as Firewalls and securing linux
wbuckley
Posts: 2
Joined: 2014/07/24 16:15:22
Location: US

[Solved] CentOS 5.10 - xt_recent missing?

Post by wbuckley » 2014/07/24 17:23:34

I've just fresh-installed CentOS 5.10 as a minimal install from the netinstall image on a low-memory KVM instance (256MB), and when attempting to enable kernel modules so I could add my typical firewall rules, I noticed that xt_recent wasn't present. I distinctly remember the "recent" module being present in a previous CentOS 5 release and a fairly extensive poke at Google seems to back this up, with results mentioning its use in 5.4 and 5.9 but nothing helpful showing up for 5.10. I've fully updated via yum update and yum upgrade, and have checked /lib/modules/2.6.18-371.el5/kernel/net/netfilter/, /lib/modules/2.6.18-371.9.1.el5/kernel/net/netfilter/, and /sys/module/ to verify that the file is indeed not present. My usual firewall rule combo that I'm hoping to be able to implement is below along with some basic info, more details via getinfo are in a paste here. If this module is intentionally not present in 5.10, is there any way I can achieve the same basic result without manually installing newer-version packages (as I'd prefer to be able to update via yum)?

Code:

-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource -m comment --comment "SSH Protection 1A"
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH --rsource -m comment --comment "SSH Protection 1B" -j DROP

Code:

[root@s2 ~]# modprobe xt_iprange
FATAL: Module xt_iprange not found.
[root@s2 ~]# modprobe xt_recent
FATAL: Module xt_recent not found.
[root@s2 ~]# yum provides /xt_recent.ko
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
 * base: mirror.tocici.com
 * extras: centos.sonn.com
 * updates: repos.lax.quadranet.com
Importing additional filelist information
No Matches found
[root@s2 ~]# yum list ipt*
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
 * base: mirror.tocici.com
 * extras: mirror.web-ster.com
 * updates: repos.lax.quadranet.com
Installed Packages
iptables.i386                        1.3.5-9.2.el5_8                   installed
iptables-ipv6.i386                   1.3.5-9.2.el5_8                   installed
iptstate.i386                        1.4-2.el5                         installed
Available Packages
iptables-devel.i386                  1.3.5-9.2.el5_8                   base
iptraf.i386                          3.0.0-5.el5                       base
[root@s2 ~]# cat /etc/redhat-release
CentOS release 5.10 (Final)
[root@s2 ~]# uname -a
Linux s2.*****.*** 2.6.18-371.el5 #1 SMP Tue Oct 1 08:37:57 EDT 2013 i686 i686 i386 GNU/Linux
Last edited by wbuckley on 2014/07/25 09:52:01, edited 1 time in total.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CentOS 5.10 - xt_recent missing?

Post by TrevorH » 2014/07/24 18:03:43

It's not called xt_recent on el5, it's ipt_recent. The change to using xt_* came in with el6 but the functionality is identical.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

wbuckley
Posts: 2
Joined: 2014/07/24 16:15:22
Location: US

Re: CentOS 5.10 - xt_recent missing?

Post by wbuckley » 2014/07/24 19:56:50

TrevorH wrote: It's not called xt_recent on el5, it's ipt_recent. The change to using xt_* came in with el6 but the functionality is identical.
Woops, seems I'm a bit rusty on 5. :) I'd been working with CentOS 6 and Fedora 18-20 mainly the past year or two, more recently CentOS 7. As a result I had misplaced or overwritten my CentOS 5/el5 notes, and the combo of commands tried and searches checked didn't lead me that direction. Thanks, pretty sure I'm all set, and will be marking as solved once I'm certain. (Also, had it been something else, my bad for missing lsmod in my OP.)

EDIT: Yep, looks like that's all it was, marked solved. This also applies to xt_addrtype and xt_iprange which are ipt_addrtype and ipt_iprange in CentOS 5 / el5. It curiously does not apply to xt_comment and xt_state which already have/had their more recent naming.
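
Added example, not part of the thread and not written by either poster: a POSIX sh helper that resolves a match name such as recent to whichever module file exists, xt_recent or ipt_recent, so one firewall bootstrap script can run on both el5 and later releases. The function names and the sample module tree are constructed for illustration, and the placement of the ipt_* files under net/ipv4/netfilter is an assumption about the el5 layout.

```sh
#!/bin/sh
# Added example: map a match name (recent, iprange, ...) to the module that
# actually exists, trying the el6+ name xt_<name> first, then el5's ipt_<name>.

# find_nf_module NAME [MODULE_ROOT] -> prints module name, returns 1 if absent.
find_nf_module() {
    name=$1
    root=${2:-/lib/modules/$(uname -r)}
    for prefix in xt ipt; do
        # Search the whole tree rather than one directory, since the two
        # name families need not sit in the same netfilter directory.
        hit=$(find "$root" -type f -name "${prefix}_${name}.ko*" 2>/dev/null | head -n 1)
        if [ -n "$hit" ]; then
            echo "${prefix}_${name}"
            return 0
        fi
    done
    return 1
}

# check_nf_modules MODULE_ROOT NAME... -> reports each name, returns the
# number of names with no module under either prefix.
check_nf_modules() {
    root=$1; shift
    missing=0
    for n in "$@"; do
        if mod=$(find_nf_module "$n" "$root"); then
            echo "$n -> $mod"
        else
            echo "$n -> not found" >&2
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample tree using the module names from the thread (empty files;
# the directory placement is an assumption about an el5 layout).
make_sample_tree() {
    mkdir -p "$1/kernel/net/netfilter" "$1/kernel/net/ipv4/netfilter"
    for m in xt_comment xt_state; do : > "$1/kernel/net/netfilter/$m.ko"; done
    for m in ipt_recent ipt_addrtype ipt_iprange; do
        : > "$1/kernel/net/ipv4/netfilter/$m.ko"
    done
}

demo=$(mktemp -d)
make_sample_tree "$demo"
check_nf_modules "$demo" recent addrtype iprange comment state
rm -rf "$demo"
```

Called without MODULE_ROOT, find_nf_module searches the running kernel's module tree, and the name it prints can be passed to modprobe.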
