More than 10 years working with Linux, and basic things f... me yet. The line added in /etc/modprobe.d/options was wrong.

options ipt_recent ipt_pkt_list_tot=30

Correct way:

options ipt_recent ip_pkt_list_tot=30

The letter T. Just that.

Samuel Rios Carvalho

On Wed, Mar 6, 2013 at 3:30 PM, Samuel Rios Carvalho <[email protected]> wrote:

> I restarted the server without options for modules.
>
> When I run the line below, it shows this message in dmesg:
>
> /sbin/iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
>
> nf_conntrack version 0.5.0 (4894 buckets, 19576 max)
> [13952201.603690] CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
> [13952201.603699] nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
> [13952201.603706] sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
>
> The options ever was configured.
>
> When I run this one, it shows this:
>
> /sbin/iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 30 -j DROP
>
> iptables: Invalid argument. Run `dmesg' for more information.
>
> Nothing more is shown in dmesg.
>
> I added this line in /etc/sysctl.conf:
>
> net.netfilter.nf_conntrack_acct = 1
>
> No success yet.
>
> Samuel Rios Carvalho
>
> On Wed, Mar 6, 2013 at 2:47 PM, green <[email protected]> wrote:
>
>> Samuel Rios Carvalho wrote at 2013-03-06 10:58 -0600:
>> > I found that hitcount by default is 20. I need at least 30.
>> >
>> > I added this line in /etc/modprobe.d/options (I created this file):
>> >
>> > options ipt_recent ipt_pkt_list_tot=30
>> >
>> > So, I restarted the server and ran those two iptables lines, but dmesg
>> > shows this error and the module doesn't load.
>> >
>> > xt_recent: Unknown parameter `ipt_pkt_list_tot'
>>
>> You should not need to use any special module parameters. Just
>> specify all parameters in your iptables rule according to the `recent`
>> module documentation in the iptables manual.
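
The failure discussed in this thread can be caught before a ruleset is loaded. The following is an added example, not code from the thread or from the iptables project: a shell pre-flight check that flags every rule whose `--hitcount` is above the limit the `recent` module was loaded with. The helper name `check_hitcounts` and the variable `SAMPLE_RULES` are hypothetical, and the limit of 20 is the default reported in the thread.

```shell
#!/bin/sh
# Added example: pre-flight check for "recent" match rules.
# A rule whose --hitcount exceeds the module's ip_pkt_list_tot is rejected
# with "iptables: Invalid argument", as seen in the thread.
# The loaded module's value is readable at
#   /sys/module/xt_recent/parameters/ip_pkt_list_tot
# which also confirms whether a modprobe.d option was spelled correctly.

# Constructed sample input: the two commands quoted in the thread.
SAMPLE_RULES='/sbin/iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
/sbin/iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 30 -j DROP'

# Usage: check_hitcounts LIMIT < rules
# Reads iptables command lines on stdin, prints each rule whose --hitcount
# is greater than LIMIT, and returns 1 if at least one was found.
check_hitcounts() {
    limit=$1
    bad=0
    while IFS= read -r rule; do
        case $rule in
            *"--hitcount "*) ;;      # only rules that set a hitcount
            *) continue ;;
        esac
        hc=${rule#*--hitcount }      # text after the option name
        hc=${hc%% *}                 # keep the first word only
        case $hc in
            ''|*[!0-9]*) continue ;; # skip anything that is not a number
        esac
        if [ "$hc" -gt "$limit" ]; then
            echo "hitcount $hc > ip_pkt_list_tot $limit: $rule"
            bad=1
        fi
    done
    return $bad
}

# Stand-alone run against the sample, using the default limit of 20
# reported in the thread (an assumption for this demonstration).
printf '%s\n' "$SAMPLE_RULES" | check_hitcounts 20 ||
    echo "raise the limit first: options ipt_recent ip_pkt_list_tot=30"
```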

