{"id":16421718,"url":"https://github.com/peppelinux/iptables_xt_recent_parser","last_synced_at":"2025-03-23T07:32:06.479Z","repository":{"id":54460449,"uuid":"86176228","full_name":"peppelinux/iptables_xt_recent_parser","owner":"peppelinux","description":"Tool used for converting Linux Kernel time jiffies, from iptables xt_recent timestamps, to human datetime","archived":false,"fork":false,"pushed_at":"2021-02-16T13:54:49.000Z","size":31,"stargazers_count":13,"open_issues_count":0,"forks_count":7,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-18T18:45:35.915Z","etag":null,"topics":["iptables","iptables-xt","jiffies","recent"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/peppelinux.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-03-25T17:38:40.000Z","updated_at":"2024-04-17T11:00:44.000Z","dependencies_parsed_at":"2022-08-13T16:20:26.634Z","dependency_job_id":null,"html_url":"https://github.com/peppelinux/iptables_xt_recent_parser","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peppelinux%2Fiptables_xt_recent_parser","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peppelinux%2Fiptables_xt_recent_parser/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peppelinux%2Fiptables_xt_recent_parser/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peppelinux%2Fiptables_xt_recent_parser/manifests","owner_url":"https://
repos.ecosyste.ms/api/v1/hosts/GitHub/owners/peppelinux","download_url":"https://codeload.github.com/peppelinux/iptables_xt_recent_parser/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245072041,"owners_count":20556352,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["iptables","iptables-xt","jiffies","recent"],"created_at":"2024-10-11T07:34:30.150Z","updated_at":"2025-03-23T07:32:06.143Z","avatar_url":"https://github.com/peppelinux.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# iptables_xt_recent_parser\nUsed for converting jiffies from iptables xt_recent into timestamps.\n\nAn example xt_recent setup can look like this, where only 2 SYN connections in 20 seconds are allowed:\n\n````\nexport IPT=iptables\nexport SSH_PORT=22\nexport HITCOUNT=3 # 2 SYN connections (\u003c3)\n# Not named SECONDS: bash treats SECONDS as a special, auto-incrementing variable\nexport WINDOW_SECS=20 # in 20 seconds are allowed\n\n\n# --rcheck: Check if the source address of the packet is  currently  in  the list.\n# --update: Like  --rcheck,  except it will update the \"last seen\" timestamp if it matches.\n\n$IPT -A INPUT -p tcp -m tcp --dport $SSH_PORT -m state --state NEW -m recent --set --name sshguys --rsource\n$IPT -A INPUT -p tcp -m tcp --dport $SSH_PORT -m state  --state NEW  -m recent --rcheck --seconds $WINDOW_SECS --hitcount $HITCOUNT --rttl --name sshguys --rsource -j LOG --log-prefix \"BLOCKED SSH (brute force)\" --log-level 4 -m limit --limit 1/minute --limit-burst 5\n$IPT -A INPUT -p tcp -m tcp --dport $SSH_PORT -m recent --rcheck --seconds $WINDOW_SECS --hitcount 
$HITCOUNT --rttl --name sshguys --rsource -j REJECT --reject-with tcp-reset\n$IPT -A INPUT -p tcp -m tcp --dport $SSH_PORT -m recent --update --seconds $WINDOW_SECS --hitcount $HITCOUNT --rttl --name sshguys --rsource -j REJECT --reject-with tcp-reset\n$IPT -A INPUT -p tcp -m tcp --dport $SSH_PORT -m state --state NEW,ESTABLISHED  -j ACCEPT\n````\n\nIn syslog we can see blocked connections:\n\n````\nMar 26 14:06:41 cloudone-cla kernel: [5339977.637052] BLOCKED SSH (brute force)IN=eth0 OUT= MAC=00:50:56:92:00:04:00:14:c2:61:09:be:08:00 SRC=95.142.177.153 DST=160.97.104.18 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42489 DF PROTO=TCP SPT=44636 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0\n````\n\n### Usage\n````\nXT_RECENT python parser\n\u003cgiuseppe.demarco@unical.it\u003e\n\nusage: ipt_recents [-h] [-f F] [-txt] [-csv]\n\noptional arguments:\n  -h, --help  show this help message and exit\n  -f F        custom xt_recent path, default if omitted is:\n              /proc/net/xt_recent/DEFAULT\n  -txt        print it in human readable format\n  -csv        print it in CSV format\n````\n\n### Output\n````\nStandard readable view:\n190.102.72.44, last seen: 2017-03-26 13:31:55 after 1 connections\n187.112.185.153, last seen: 2017-03-26 13:28:07 after 2 connections\n95.142.177.153, last seen: 2017-03-26 13:27:31 after 12 connections\n\nCSV view:\nip_src;last_seen;connections;deltas_mean;delta_seconds\n190.102.72.44;2017-03-26 13:31:55.462201;1;0;\n187.112.185.153;2017-03-26 13:28:07.168819;2;0.0;0\n95.142.177.153;2017-03-26 13:27:31.976049;12;1.7272727272727273;1,1,1,1,1,1,2,3,3,1,4\n\n````\n\nThe CSV format also includes the mean time delta and the time deltas in seconds for every attempt.\n\n### Requirements\n\n- 
Python3\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeppelinux%2Fiptables_xt_recent_parser","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpeppelinux%2Fiptables_xt_recent_parser","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeppelinux%2Fiptables_xt_recent_parser/lists"}