Hello Helmut,

On Mon, 2012-06-11 at 11:54 +0200, Helmut Drodofsky wrote:
> up to CentOS 5.3 it was possible, to control new ip connections by
> "recent", "seconds" and "hitcount"
>
> -A INPUT -m state --state NEW -m recent --set -p tcp --dport 80
> -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 80 -j LOG --log-prefix "FW DROP IP Flood: "
> -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -j DROP
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
>
> hitcount does not accept values of 25 or above: 20* on CentOS-5 afaict.
>
> [root@server ~]# iptables -A INPUT -m state --state NEW -m recent --set -p tcp --dport 80
> [root@server ~]# iptables -A INPUT -m state --state NEW -m recent --update --seconds 1 --hitcount 25 -p tcp --dport 80 -j LOG --log-prefix "FW DROP IP Flood: "
> iptables: Unknown error 4294967295

I suggest you take this upstream. Apparently there are quite a few issues between the various kernel and iptables versions and also the different architectures.

https://bugzilla.redhat.com/show_bug.cgi?id=639026 seems to be the issue you are experiencing.

(Note that 4294967295 = 2^32-1 and 18446744073709551615 = 2^64-1, which makes me believe the reporter of the above bug runs on x86_64 and you're probably running a 32 bit system. These things should be mentioned when you report bugs as well as the CentOS and package versions you are conducting your tests on/with.)

Try to google for

site:bugzilla.redhat.com iptables: Unknown error 4294967295

and

site:bugzilla.redhat.com iptables: Unknown error 18446744073709551615

for more related bugzilla entries.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research