[CentOS] to filter dos ip using iptables recent

MontyRee chulmin2 at hotmail.com
Sun Aug 16 10:16:38 UTC 2009

Hello, all.
I read this document about the iptables recent module,
and I would like to filter IP addresses that send excessive spam mail using the iptables recent module.
I have some questions.

iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set --name SPAM
iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SPAM -j DROP

If I set it like above,
I can't understand the meaning of the hitcount.
Does it mean the number of packets, sessions or connections?
The above rule means that if there are 4 connections in 60 seconds, the IP will be filtered for 60 seconds, right?
If some IP was filtered, how long will it be filtered? For 60 seconds?
When I see the list with cat /proc/net/ipt_recent/SPAM,
the maximum number is 100. If it reaches 100, is there no problem?
And how do I increase the number?
Thanks in advance.


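The two rules quoted in the message, modeled as an added Python example (not part of the original post and not iptables code): a simplified simulation of how --set followed by --update --seconds 60 --hitcount 4 treats a series of NEW packets from one source. The class and function names, the address 192.0.2.10 and the timestamps are constructed, and the limit of 20 remembered timestamps per address is assumed to be the module default.

```python
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # assumption: default number of timestamps kept per address


class RecentList:
    """Simplified model of one named list (SPAM), keyed by (src, ttl) as with --rttl."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, key, now):
        # --set: remember a timestamp for this source; the rule always matches.
        self.stamps[key].append(now)
        return True

    def update(self, key, now, seconds, hitcount):
        # --update --seconds S --hitcount N: match when at least N remembered
        # timestamps lie within the last S seconds. A match records `now` as
        # well, so a source that keeps trying keeps its own window full.
        if key not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[key] if now - t <= seconds)
        if hits >= hitcount:
            self.stamps[key].append(now)
            return True
        return False


def input_chain(recent, src, ttl, now):
    """Apply both rules to one NEW TCP packet for port 25."""
    key = (src, ttl)
    recent.set(key, now)  # rule 1 has no -j target, so traversal continues
    if recent.update(key, now, seconds=60, hitcount=4):  # rule 2
        return "DROP"
    return "CONTINUE"  # falls through to the rest of the INPUT chain


def replay(times, src="192.0.2.10", ttl=64):
    """Feed NEW packets arriving at the given times (in seconds) through the rules."""
    recent = RecentList()
    return [input_chain(recent, src, ttl, t) for t in times]


if __name__ == "__main__":
    # Constructed arrival times: a burst, continued retries, then a long pause.
    for t, verdict in zip([0, 10, 20, 30, 50, 80, 105, 200],
                          replay([0, 10, 20, 30, 50, 80, 105, 200])):
        print(f"t={t:>3}s  {verdict}")
```

In this model each NEW packet that reaches the rules counts as a hit, and a dropped source stays dropped until fewer than four of its timestamps fall inside the last 60 seconds.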