Package: iptables
Version: 1.3.3-2
Followup-For: Bug #272729

The iptables manpage shows:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
recent
       Allows you to dynamically create a list of IP addresses and then
       match against that list in a few different ways.

       For example, you can create a ‘badguy’ list out of people attempting
       to connect to port 139 on your firewall and then DROP all future
       packets from them without considering them.

       --name name
              Specify the list to use for the commands. If no name is given
              then ‘DEFAULT’ will be used.

       [!] --set
              This will add the source address of the packet to the list.
              If the source address is already in the list, this will update
              the existing entry. This will always return success (or
              failure if ‘!’ is passed in).

       [!] --rcheck
              Check if the source address of the packet is currently in the
              list.

       [!] --update
              Like --rcheck, except it will update the "last seen" timestamp
              if it matches.

       [!] --remove
              Check if the source address of the packet is currently in the
              list and if so that address will be removed from the list and
              the rule will return true. If the address is not found, false
              is returned.

       [!] --seconds seconds
              This option must be used in conjunction with one of --rcheck
              or --update. When used, this will narrow the match to only
              happen when the address is in the list and was seen within
              the last given number of seconds.

       [!] --hitcount hits
              This option must be used in conjunction with one of --rcheck
              or --update. When used, this will narrow the match to only
              happen when the address is in the list and packets had been
              received greater than or equal to the given value. This
              option may be used along with --seconds to create an even
              narrower match requiring a certain number of hits within a
              specific time frame.

       --rttl
              This option must be used in conjunction with one of --rcheck
              or --update. When used, this will narrow the match to only
              happen when the address is in the list and the TTL of the
              current packet matches that of the packet which hit the --set
              rule. This may be useful if you have problems with people
              faking their source address in order to DoS you via this
              module by disallowing others access to your site by sending
              bogus packets to you.

       Examples:

              # iptables -A FORWARD -m recent --name badguy --rcheck \
                  --seconds 60 -j DROP

              # iptables -A FORWARD -p tcp -i eth0 --dport 139 -m recent \
                  --name badguy --set -j DROP

       Official website (http://snowman.net/projects/ipt_recent/) also has
       some examples of usage.

       /proc/net/ipt_recent/* are the current lists of addresses and
       information about each entry of each list.

       Each file in /proc/net/ipt_recent/ can be read from to see the
       current list or written to using the following commands to modify
       the list:

       echo xx.xx.xx.xx > /proc/net/ipt_recent/DEFAULT
              to Add to the DEFAULT list

       echo -xx.xx.xx.xx > /proc/net/ipt_recent/DEFAULT
              to Remove from the DEFAULT list

       echo clear > /proc/net/ipt_recent/DEFAULT
              to empty the DEFAULT list.

       The module itself accepts parameters, defaults shown:

       ip_list_tot=100
              Number of addresses remembered per table

       ip_pkt_list_tot=20
              Number of packets per address remembered

       ip_list_hash_size=0
              Hash table size. 0 means to calculate it based on
              ip_list_tot, default: 512

       ip_list_perms=0644
              Permissions for /proc/net/ipt_recent/* files

       debug=0
              Set to 1 to get lots of debugging info
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
But
# iptables -m recent --help
shows this:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
recent v1.3.3 options:
[!] --set                       Add source address to list, always matches.
[!] --rcheck                    Match if source address in list.
[!] --update                    Match if source address in list, also update last-seen time.
[!] --remove                    Match if source address in list, also removes that address from list.
    --seconds seconds           For check and update commands above.
                                Specifies that the match will only occur if source address last seen within
                                the last 'seconds' seconds.
    --hitcount hits             For check and update commands above.
                                Specifies that the match will only occur if source address seen hits times.
                                May be used in conjunction with the seconds option.
    --rttl                      For check and update commands above.
                                Specifies that the match will only occur if the source address and the TTL
                                match between this packet and the one which was set.
                                Useful if you have problems with people spoofing their source address in order
                                to DoS you via this module.
    --name name                 Name of the recent list to be used. DEFAULT used if none given.
    --rsource                   Match/Save the source address of each packet in the recent list table (default).
    --rdest                     Match/Save the destination address of each packet in the recent list table.
ipt_recent v0.3.1: Stephen Frost <[EMAIL PROTECTED]>.
http://snowman.net/projects/ipt_recent/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13-1-amd64-k8
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)

Versions of packages iptables depends on:
ii  libc6                         2.3.5-7    GNU C Library: Shared libraries an

iptables recommends no packages.

-- no debconf information
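The --set / --update --seconds --hitcount pairing the manpage describes is easier to reason about with a small model. The Python below is an added illustration, not the ipt_recent kernel code and not part of this bug report: the RecentList class, the simulate() helper and the address 198.51.100.7 are my own constructions, and the model keeps at most ip_pkt_list_tot timestamps per address, as the module parameter list above says.

```python
from collections import deque


class RecentList:
    """Model of one ipt_recent list, keyed by source address (--rsource)."""

    def __init__(self, ip_pkt_list_tot=20):
        # ip_pkt_list_tot: timestamps remembered per address (module default 20)
        self.entries = {}  # addr -> {"stamps": deque, "ttl": int}
        self.maxlen = ip_pkt_list_tot

    def set(self, addr, now, ttl=64):
        """--set: add the address or refresh its entry; always matches."""
        e = self.entries.setdefault(
            addr, {"stamps": deque(maxlen=self.maxlen), "ttl": ttl})
        e["stamps"].append(now)  # oldest stamp is dropped once maxlen is hit
        e["ttl"] = ttl
        return True

    def check(self, addr, now, seconds=0, hitcount=0, update=False, ttl=None):
        """--rcheck (update=False) or --update (update=True), optionally
        narrowed by --seconds, --hitcount and --rttl (ttl is not None)."""
        e = self.entries.get(addr)
        if e is None:
            return False
        if ttl is not None and e["ttl"] != ttl:
            return False
        hits = sum(1 for t in e["stamps"] if seconds == 0 or now - t <= seconds)
        matched = hits >= max(hitcount, 1)
        if matched and update:
            e["stamps"].append(now)  # --update refreshes "last seen" on a match
        return matched

    def remove(self, addr):
        """--remove: match, and drop the entry, only if the address is listed."""
        return self.entries.pop(addr, None) is not None


def simulate(times, seconds=60, hitcount=4, addr="198.51.100.7"):
    """Verdicts for packets from one constructed address arriving at the given
    times (seconds), under the usual throttling pair of rules:
        -m recent --name ssh --update --seconds 60 --hitcount 4 -j DROP
        -m recent --name ssh --set -j ACCEPT"""
    ssh = RecentList()
    verdicts = []
    for now in times:
        if ssh.check(addr, now, seconds, hitcount, update=True):
            verdicts.append("DROP")
        else:
            ssh.set(addr, now)
            verdicts.append("ACCEPT")
    return verdicts
```

With hitcount 4, the fifth packet inside the 60-second window is dropped; once the stamps age out of the window the address is accepted again. Because only ip_pkt_list_tot stamps are kept, a --hitcount larger than that value can never be reached.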
