[CentOS] IPTABLES --hitcount maximum value
James B. Byrne
byrnejb at harte-lyne.ca
Tue Dec 22 18:38:40 UTC 2009
In-Reply-To: <4B30F618.6060809 at kinzesberg.de>
On: Tue, 22 Dec 2009 17:38:48 +0100, "Dirk H. Schulz"
<dirk.schulz at kinzesberg.de> wrote:
> That is a new "phenomenon" I also ran into. You now have to
> adjust memory values.
> I have added to my /etc/modprobe.conf
> "options ipt_recent ipt_pkt_list_tot=75"
> Now I can use hitcount values of 50 (did not test if the above
> is sufficient for higher values).
I found this on the net so I deduce that you would be safe up to a
hitcount value of 75.
> [PATCH] netfilter: ipt_recent: sanity check hit count
> From: Daniel Hokka Zakrisson
> Date: Sat Mar 15 2008 - 10:11:05 EST
> If a rule using ipt_recent is created with a hit count greater
> than ip_pkt_list_tot, the rule will never match as it cannot
> keep track of enough timestamps. This patch makes ipt_recent
> refuse to create such rules.
> With ip_pkt_list_tot's default value of 20, . . .
Thanks for the lead.
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
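
An added example, not part of the original message or the quoted patch: a shell check that lists rules in iptables-save output whose --hitcount exceeds the packet-list limit, the condition under which the patch description says a rule never matches. The function name, the sample rule set, and passing the limit as an argument are assumptions made for illustration; 20 is the default stated in the quoted patch text.

```shell
#!/bin/sh
# Flag "recent" match rules whose --hitcount is larger than the number of
# timestamps the module keeps per address. Per the quoted patch text, such
# a rule can never match on kernels that do not reject it at creation.

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 50 --name SSH -j DROP
-A INPUT -p tcp --dport 25 -m recent --rcheck --seconds 300 --hitcount 10 --name SMTP -j DROP
COMMIT'

# over_limit LIMIT
#   Reads rules on stdin and prints "hitcount<TAB>rule" for every rule whose
#   --hitcount value is greater than LIMIT. LIMIT is supplied by the caller:
#   the module option value in use, or 20 if the option was never set.
over_limit() {
    awk -v limit="$1" '
        /^-A / {
            # Stop at NF-1 so that $(i + 1) is always a real field.
            for (i = 1; i < NF; i++)
                if ($i == "--hitcount" && $(i + 1) + 0 > limit + 0)
                    printf "%s\t%s\n", $(i + 1), $0
        }'
}

# Demo on the constructed sample: with the default of 20 only the
# hitcount-50 rule is reported; with 75 nothing is reported.
printf '%s\n' "$SAMPLE_RULES" | over_limit 20
printf '%s\n' "$SAMPLE_RULES" | over_limit 75
```

On a live host, pipe the output of iptables-save into over_limit in place of the sample.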