Hello, all. I read this document about iptables recent module. http://blog.andrew.net.au/2005/02/16#ipt_recent_and_ssh_attacks and I would like to filter the excessive spam mail sending ip address by iptables recent module. and some questions. iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set --name SPAM iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SPAM -j DROP If I set like above, I can't understand the meaning of the hitcount. it means the number of a packet, session or connection? above rule means if 4 connection for 60 seconds, the ip will be filtered for 60 seconds, right? if some ip was filtered, how long will be filtered? for 60 seconds? when I see the list as cat /proc/net/ipt_recent/SPAM the maximum number is 100. if it reaches the 100, no problem? and how to increase the number? Thanks in advance. _________________________________________________________________ 메신저 10살 생일도 축하해 주시고,이벤트도 참여하세요~! http://im.msn.co.kr/im/main/mainCoverDetail.asp?BbsCode=bbs01&Seq=2688