IPTABLES --hitcount maximum value


In-Reply-To: <4B30F618.6060809@xxxxxxxxxxxxx>

On: Tue, 22 Dec 2009 17:38:48 +0100, "Dirk H. Schulz"
<dirk.schulz@xxxxxxxxxxxxx> wrote:

> That is a new "phenomenon" I also ran into. You now have to
> adjust memory values.
>
> I have added to my /etc/modprobe.conf
> "options ipt_recent ipt_pkt_list_tot=75"
> Now I can use hitcount values of 50 (did not test if the above
> is sufficient for higher values).

I found this on the net so I deduce that you would be safe up to a
hitcount value of 75.

> [PATCH] netfilter: ipt_recent: sanity check hit count
> From: Daniel Hokka Zakrisson
> Date: Sat Mar 15 2008 - 10:11:05 EST
>
> If a rule using ipt_recent is created with a hit count greater
> than ip_pkt_list_tot, the rule will never match as it cannot
> keep track of enough timestamps. This patch makes ipt_recent
> refuse to create such rules.
>
> With ip_pkt_list_tot's default value of 20, . . .

Thanks for the lead.

Regards,


-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
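
The condition from the quoted patch (a `--hitcount` greater than `ip_pkt_list_tot` can never match) can be checked against a saved ruleset before loading it. The script below is an added example, not part of the original thread: the function names and sample rules are constructed, and it assumes the parameter is exposed under `/sys/module/<module>/parameters/`, falling back to the default of 20 mentioned in the patch text.

```shell
#!/bin/sh
# Added example: flag "recent" rules whose --hitcount exceeds ip_pkt_list_tot.

# Print the limit in effect. The module is ipt_recent on older kernels and
# xt_recent on newer ones; the sysfs file is normally readable by root only.
# Falls back to 20, the default quoted in the patch description.
recent_limit() {
    for m in xt_recent ipt_recent; do
        f="/sys/module/$m/parameters/ip_pkt_list_tot"
        if [ -r "$f" ]; then cat "$f"; return 0; fi
    done
    echo 20
}

# check_hitcounts LIMIT: read rules in iptables-save format on stdin, print
# every rule whose --hitcount is greater than LIMIT, return 1 if any exist.
check_hitcounts() {
    awk -v limit="$1" '
        {
            for (i = 1; i < NF; i++) {
                if ($i == "--hitcount" && $(i + 1) + 0 > limit + 0) {
                    printf "hitcount %d > ip_pkt_list_tot %d: %s\n", $(i + 1), limit, $0
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample rules (not taken from the thread).
sample_rules() {
    cat <<'EOF'
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
-A INPUT -p tcp --dport 25 -m recent --update --seconds 300 --hitcount 50 --name SMTP -j DROP
EOF
}

# Stand-alone run: check the sample against the live limit (or the default).
sample_rules | check_hitcounts "$(recent_limit)" \
    || echo "lower --hitcount in the rules above or raise ip_pkt_list_tot"
```

On a real host, feed it `iptables-save` output instead of `sample_rules`.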
