[CentOS] centos 5.5: iptables: module recent

Helmut Drodofsky

drodofsky at internet-xs.de
Thu Jan 27 14:41:15 UTC 2011


Hello,
 
I have well-performing iptables in CentOS 5.2 and 5.3:
-A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 25 -j LOG --log-prefix "FW DROP IP Flood: "
 
CentOS 5.5, updated today:
 
Without --hitcount: iptables accepts the line.
Including --hitcount: iptables gives an error message:
 Applying iptables firewall rules: iptables-restore: line 47 failed
                                                  [FAILED]
The line number is always the number of the COMMIT statement, not the line number of the statement with the recent module. So I think iptables is missing something. What?
 
When I add the line interactively, the result is:
[root@host sysconfig]# iptables -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 25 -j LOG --log-prefix "FW DROP IP Flood: "
iptables: Unknown error 18446744073709551615
 
The man page describes the parameter:
       [!] --seconds seconds
              This option must be used in conjunction with one of --rcheck or --update. When used, this will narrow the match to only happen when the address is in
              the list and was seen within the last given number of seconds.
 
       [!] --hitcount hits
              This option must be used in conjunction with one of --rcheck or --update. When used, this will narrow the match to only happen when the address is in
              the list and packets had been received greater than or equal to the given value. This option may be used along with --seconds to create an even
              narrower match requiring a certain number of hits within a specific time frame.
 
 
Without --hitcount the rule is worthless.
 
Suggestions?
 
Many Thanks
Helmut
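
A pre-flight check for the situation in the post, where iptables-restore names only the COMMIT line: this added example (not part of the original message) scans a ruleset for `-m recent` rules whose `--hitcount` exceeds a limit and reports their real line numbers. It assumes, which the post does not confirm, that the rejection comes from the recent module's `ip_pkt_list_tot` parameter (default 20); `recent_limit`, `check_hitcount` and `sample_rules` are hypothetical helper names, and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example (not from the post). Assumption: the failure comes from the
# recent module's per-address packet limit, module parameter ip_pkt_list_tot
# (default 20); --hitcount values above it are rejected by the kernel.

# Print the live limit if the module is loaded, else the default of 20.
recent_limit() {
    for p in /sys/module/ipt_recent/parameters/ip_pkt_list_tot \
             /sys/module/xt_recent/parameters/ip_pkt_list_tot; do
        if [ -r "$p" ]; then cat "$p"; return 0; fi
    done
    echo 20
}

# check_hitcount LIMIT [FILE]
# Reads iptables-save format from FILE or stdin. Prints "LINE:HITCOUNT:RULE"
# for every recent rule above LIMIT; exit status is 1 if any rule is flagged.
check_hitcount() {
    limit=$1; shift
    awk -v limit="$limit" '
        /^[ \t]*#/ { next }                 # skip comment lines
        {
            recent = 0; hc = ""
            for (i = 1; i < NF; i++) {
                if (($i == "-m" || $i == "--match") && $(i+1) == "recent") recent = 1
                if ($i == "--hitcount") hc = $(i+1)
            }
            if (recent && hc != "" && hc + 0 > limit + 0) {
                printf "%d:%s:%s\n", NR, hc, $0
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample ruleset: line 4 is the rule quoted in the post.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set
-A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 25 -j LOG --log-prefix "FW DROP IP Flood: "
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
COMMIT
EOF
}
```

On a CentOS host the check would be run as `check_hitcount "$(recent_limit)" /etc/sysconfig/iptables` before restarting the firewall.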
 