Hello, all.
I read this document about the iptables recent module: http://blog.andrew.net.au/2005/02/16#ipt_recent_and_ssh_attacks
I would like to filter IP addresses that send excessive spam mail using the iptables recent module, and I have some questions.
iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set --name SPAM
iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SPAM -j DROP
If I set the rules as above:
I can't understand the meaning of the hitcount. Does it mean the number of packets, sessions or connections?
The above rule means that if there are 4 connections in 60 seconds, the IP will be filtered for 60 seconds, right?
If some IP is filtered, how long will it be filtered? For 60 seconds?
When I view the list with cat /proc/net/ipt_recent/SPAM, the maximum number is 100. If it reaches 100, is there no problem? And how can I increase the number?
Thanks in advance.