In-Reply-To: <4B30F618.6060809 at kinzesberg.de> On: Tue, 22 Dec 2009 17:38:48 +0100, "Dirk H. Schulz" <dirk.schulz at kinzesberg.de> wrote: > That is a new "phenomenon" I also ran into. You now have to > adjust memory values. > > I have added to my /etc/modprobe.conf > "options ipt_recent ipt_pkt_list_tot=75" > Now I can use hitcount values of 50 (did not test if the above > is sufficient for higher values). I found this on the net so I deduce that you would be safe up to a hitcount value of 75. > [PATCH] netfilter: ipt_recent: sanity check hit count > From: Daniel Hokka Zakrisson > Date: Sat Mar 15 2008 - 10:11:05 EST > > If a rule using ipt_recent is created with a hit count greater > than ip_pkt_list_tot, the rule will never match as it cannot > keep track of enough timestamps. This patch makes ipt_recent > refuse to create such rules. > > With ip_pkt_list_tot's default value of 20, . . . Thanks for the lead. Regards, -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3