Hello,
Up to CentOS 5.3 it was possible to control new IP connections by
recent, seconds and hitcount
-A INPUT -m state --state NEW -m recent --set -p tcp --dport 80
-A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 80 -j LOG --log-prefix "FW DROP IP"
Hello Helmut,
On Mon, 2012-06-11 at 11:54 +0200, Helmut Drodofsky wrote:
Up to CentOS 5.3 it was possible to control new IP connections by
recent, seconds and hitcount
-A INPUT -m state --state NEW -m recent --set -p tcp --dport 80
-A INPUT -m state --state NEW -m recent --update
Is the maximum permitted value for --hitcount documented anywhere?
I reliably get an iptables-restore error when I specify a hitcount
value greater than 20 but I cannot find any mention of there being a
maximum value.
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne
In-Reply-To: 4b30f618.6060...@kinzesberg.de
On: Tue, 22 Dec 2009 17:38:48 +0100, Dirk H. Schulz
dirk.sch...@kinzesberg.de wrote:
That is a new phenomenon I also ran into. You now have to
adjust memory values.
I have added to my /etc/modprobe.conf
options ipt_recent ipt_pkt_list_tot=75
Now