Hello,
A suggestion for the match recent part of netfilter. Include a life_span
field in the table. A host is removed from a table after it hasn't been
seen for x seconds.
I suggest this because of the number of botnet hosts that rapidly fill
up the /proc/net/ipt_recent tables. Sometimes an attacking host is only
seen once in a long probe/attack.
Additional related suggestions:
Perhaps just reuse the --seconds parameter on a --set instead of adding
a new parameter.
Give the field a default value. (3600?)
Have a module command line parameter for changing the default value.
Use 0 for an infinite life_span.
I apologize for not being able to submit code. I tried looking at the
source and I soon realized that my coding skills are VERY rusty.
I hope this sounds useful to you all. Keep up the good work.
Chris Hanson
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
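The proposal above describes a table of recently seen hosts whose entries expire once a host has not been seen for life_span seconds, with a default of 3600 and 0 meaning never expire. The following is an added, user-space C model of those semantics; it is not netfilter or ipt_recent code, and every name in it (recent_table, recent_set, recent_rcheck, recent_reap, life_span, RECENT_MAX) is invented for illustration. Time is passed in as plain seconds so the behaviour can be checked without a clock.

```c
/*
 * Added example (not netfilter code): a user-space model of the proposed
 * life_span expiry for the recent match table. All identifiers here are
 * invented for illustration and do not exist in ipt_recent.
 */
#include <stdint.h>
#include <stdio.h>

#define RECENT_MAX 4   /* tiny fixed-size table, standing in for ip_list_tot */

struct recent_entry {
    uint32_t ip;        /* IPv4 address in host byte order */
    uint32_t last_seen; /* time of the last packet from ip, in seconds */
};

struct recent_table {
    struct recent_entry e[RECENT_MAX];
    size_t count;
};

/* Proposed module parameter: an entry unseen for life_span seconds is
 * dropped; 0 keeps entries forever (the current behaviour). Default 3600. */
static uint32_t life_span = 3600;

static void recent_init(struct recent_table *t) { t->count = 0; }
static size_t recent_count(const struct recent_table *t) { return t->count; }

/* Assumes a monotonic clock, so now >= last_seen and the subtraction
 * cannot wrap. */
static int recent_expired(const struct recent_entry *e, uint32_t now)
{
    return life_span != 0 && now - e->last_seen >= life_span;
}

static struct recent_entry *recent_find(struct recent_table *t, uint32_t ip)
{
    for (size_t i = 0; i < t->count; i++)
        if (t->e[i].ip == ip)
            return &t->e[i];
    return NULL;
}

static void recent_remove(struct recent_table *t, size_t i)
{
    t->e[i] = t->e[t->count - 1];   /* order is irrelevant; swap with last */
    t->count--;
}

/* Drop every entry older than life_span; returns how many were removed. */
static size_t recent_reap(struct recent_table *t, uint32_t now)
{
    size_t removed = 0;
    for (size_t i = 0; i < t->count; ) {
        if (recent_expired(&t->e[i], now)) {
            recent_remove(t, i);
            removed++;
        } else {
            i++;
        }
    }
    return removed;
}

/* Like --set: reap stale hosts first, then record ip as seen now. If the
 * table is still full, the least recently seen host is evicted so that one
 * burst of scanners cannot pin the table. Always returns 1 (a match). */
static int recent_set(struct recent_table *t, uint32_t ip, uint32_t now)
{
    struct recent_entry *e;

    recent_reap(t, now);
    e = recent_find(t, ip);
    if (e == NULL) {
        if (t->count == RECENT_MAX) {
            size_t oldest = 0;
            for (size_t i = 1; i < t->count; i++)
                if (t->e[i].last_seen < t->e[oldest].last_seen)
                    oldest = i;
            recent_remove(t, oldest);
        }
        e = &t->e[t->count++];
        e->ip = ip;
    }
    e->last_seen = now;
    return 1;
}

/* Like --rcheck [--seconds N]: 1 if ip is in the table, has not outlived
 * life_span, and (when seconds != 0) was seen within the last N seconds. */
static int recent_rcheck(struct recent_table *t, uint32_t ip, uint32_t now,
                         uint32_t seconds)
{
    const struct recent_entry *e = recent_find(t, ip);
    if (e == NULL || recent_expired(e, now))
        return 0;
    return seconds == 0 || now - e->last_seen <= seconds;
}

int main(void)
{
    struct recent_table t;
    recent_init(&t);
    recent_set(&t, 0x0A000001u, 100);   /* 10.0.0.1 probes once at t=100 */
    recent_set(&t, 0x0A000002u, 200);   /* 10.0.0.2 at t=200 */
    printf("reaped at t=3700: %zu, left: %zu\n",
           recent_reap(&t, 3700), recent_count(&t));
    return 0;
}
```

Two points a kernel implementation would have to add: the reap must run under the same lock that protects the table (in the module this is the per-table lock, and time would come from jiffies rather than a caller-supplied value), and reaping on every --set is a linear scan, so on a table sized like ip_list_tot it should be bounded or done lazily. Later versions of the match (xt_recent) did gain a --reap flag that purges entries older than --seconds during a match, which is close to the second suggestion in the mail; the model above follows the life_span variant instead.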