I've come to a workaround solution, adding the following to /etc/modprobe.d/options and rebooting:
    options xt_recent ip_pkt_list_tot=255 ip_list_tot=255 ip_list_hash_size=0

Still, I believe this issue needs to be addressed, since a hitcount default max of 20 seems extremely useless, especially in combination with no sort of error message that helps troubleshooting whatsoever, and no documentation that warns about this. Think about it: --seconds 60 is allowed, and a 1Mbps upload connection is easy for most web users. Most of the users of the iptables recent module are going to be server operators, so likely their bandwidth is going to be WAY higher than that. How many packets could one send in 60 million bits' worth of room? Hint: WAY more than 20!

The --seconds parameter should be taken down to a smaller max, the hitcount max should be taken up to 100-200, and iptables needs to produce useful error messages when these max values have been exceeded so someone can stand a chance of finding a solution. With the current defaults, it is absolutely impossible to set a value high enough to be able to tell an attacker from 30 users behind a corporate proxy hitting a site with average web traffic, because corporate proxies often make new connections for every request (some for every file!), and with a max of 20, that lets one check for about 5 seconds before you hit that max. The limit module handles telling corporate proxy users apart from attackers equally poorly in my experience, meaning one cannot set up even the most basic defenses against DDoS via iptables.

-- 
can no longer use iptables recent module multiple times after upgrade to lucid
https://bugs.launchpad.net/bugs/580169
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
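The report above boils down to one undocumented constraint: an xt_recent rule's --hitcount cannot exceed the module parameter ip_pkt_list_tot (kernel default 20), and the iptables of that era gave no usable error when it did. The following shell helpers are an added example, written for this page and not part of the bug report, of iptables or of the kernel: they read the effective ip_pkt_list_tot (from sysfs if the module is loaded, otherwise from a modprobe file such as the /etc/modprobe.d/options used above) and refuse to emit a rule the module would reject, printing the explanation the reporter wished iptables had given. The function names, the rule set name WEB, the port, and the 60-second/100-hit figures are illustrative choices, and the sample modprobe lines in the usage are constructed.

```shell
#!/bin/sh
# Added example (not from the bug report or the iptables project): a pre-flight
# check for xt_recent rules. The kernel rejects a rule whose --hitcount is
# larger than the module's ip_pkt_list_tot; these helpers catch that before
# the rule is loaded and say which limit was hit.

# Kernel default for ip_pkt_list_tot when no modprobe option overrides it.
XT_RECENT_DEFAULT_PKT_LIST_TOT=20

# pkt_list_tot_from_modprobe FILE
# Print ip_pkt_list_tot from the last "options xt_recent ..." line in FILE,
# or the kernel default if FILE is missing or has no such setting.
pkt_list_tot_from_modprobe() {
    val=$(sed -n 's/^options[[:space:]][[:space:]]*xt_recent[[:space:]].*ip_pkt_list_tot=\([0-9][0-9]*\).*/\1/p' "$1" 2>/dev/null | tail -n 1)
    echo "${val:-$XT_RECENT_DEFAULT_PKT_LIST_TOT}"
}

# pkt_list_tot_effective [FILE]
# Prefer the value the loaded module actually uses (sysfs), then the modprobe
# file (default /etc/modprobe.d/options, as in the report), then the default.
pkt_list_tot_effective() {
    if [ -r /sys/module/xt_recent/parameters/ip_pkt_list_tot ]; then
        cat /sys/module/xt_recent/parameters/ip_pkt_list_tot
    else
        pkt_list_tot_from_modprobe "${1:-/etc/modprobe.d/options}"
    fi
}

# hitcount_fits HITCOUNT PKT_LIST_TOT
# Succeed only when 1 <= HITCOUNT <= PKT_LIST_TOT.
hitcount_fits() {
    [ "$1" -ge 1 ] && [ "$1" -le "$2" ]
}

# recent_rules NAME PORT SECONDS HITCOUNT PKT_LIST_TOT
# Print the usual two-rule xt_recent throttle for new tcp/PORT connections
# (drop a source once it has been seen HITCOUNT times within SECONDS), or fail
# with a message naming the limit when HITCOUNT cannot be honoured.
recent_rules() {
    name=$1 port=$2 seconds=$3 hitcount=$4 tot=$5
    if ! hitcount_fits "$hitcount" "$tot"; then
        echo "recent_rules: --hitcount $hitcount exceeds xt_recent ip_pkt_list_tot=$tot;" \
             "set 'options xt_recent ip_pkt_list_tot=N' (N >= $hitcount) and reload the module" >&2
        return 1
    fi
    cat <<EOF
-A INPUT -p tcp --dport $port -m state --state NEW -m recent --name $name --update --seconds $seconds --hitcount $hitcount -j DROP
-A INPUT -p tcp --dport $port -m state --state NEW -m recent --name $name --set
EOF
}
```

Usage: `recent_rules WEB 80 60 100 "$(pkt_list_tot_effective)"` prints the two rules when the host's ip_pkt_list_tot is at least 100, and otherwise exits non-zero with a message pointing at the modprobe option. Reading /sys/module/xt_recent/parameters/ first matters because a freshly edited modprobe file has no effect until the module is reloaded or the machine rebooted, which is exactly what the report had to do.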
