In-Reply-To: 4B30F618.6060809@kinzesberg.de
On: Tue, 22 Dec 2009 17:38:48 +0100, "Dirk H. Schulz" dirk.schulz@kinzesberg.de wrote:
That is a new "phenomenon" I also ran into. You now have to adjust memory values.
I have added to my /etc/modprobe.conf "options ipt_recent ipt_pkt_list_tot=75". Now I can use hitcount values of 50 (did not test if the above is sufficient for higher values).
I found this on the net so I deduce that you would be safe up to a hitcount value of 75.
[PATCH] netfilter: ipt_recent: sanity check hit count
From: Daniel Hokka Zakrisson
Date: Sat Mar 15 2008 - 10:11:05 EST
If a rule using ipt_recent is created with a hit count greater than ip_pkt_list_tot, the rule will never match as it cannot keep track of enough timestamps. This patch makes ipt_recent refuse to create such rules.
With ip_pkt_list_tot's default value of 20, . . .
Thanks for the lead.
Regards,
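
The condition described in the quoted patch message (a recent-match rule whose hit count is greater than ip_pkt_list_tot never matches) can be audited against a saved ruleset. This is an added example, not part of the original thread or of the kernel patch; the sysfs paths, the function names and the sample ruleset are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag "recent" rules whose --hitcount exceeds ip_pkt_list_tot.
# Usage on a live host (as root): iptables-save | check_hitcounts "$(list_tot)"

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE_RULES='*filter
-A INPUT -p tcp --dport 22 -m recent --set --name SSH --rsource
-A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 50 --name SSH --rsource -j DROP
-A INPUT -p tcp --dport 80 -m recent --rcheck --seconds 10 --hitcount 20 --name WEB --rsource -j DROP
COMMIT'

# Print the limit of the loaded module, or the default of 20 if unreadable.
# Assumption: the parameter is exposed under /sys/module/<module>/parameters,
# with the module named ipt_recent on older kernels and xt_recent on newer ones.
list_tot() {
    for f in /sys/module/xt_recent/parameters/ip_pkt_list_tot \
             /sys/module/ipt_recent/parameters/ip_pkt_list_tot; do
        [ -r "$f" ] && { cat "$f"; return 0; }
    done
    echo 20
}

# check_hitcounts LIMIT
# Reads iptables-save output on stdin, prints every recent-match rule whose
# hit count is greater than LIMIT, and returns 1 if at least one was found.
# A hit count equal to LIMIT is accepted, matching the wording of the patch.
check_hitcounts() {
    awk -v limit="$1" '
        /-m recent/ {
            for (i = 1; i < NF; i++)
                if ($i == "--hitcount" && $(i + 1) + 0 > limit + 0) {
                    printf "hitcount %d > ip_pkt_list_tot %d: %s\n", $(i + 1), limit, $0
                    bad = 1
                }
        }
        END { exit bad + 0 }
    '
}
```

Running the check before loading a ruleset catches rate-limit rules that would otherwise never fire, or be refused on kernels that carry the sanity check.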