Re: [PATCH] xt_recent: Fix false hit_count match

On Tuesday, 23. February 2010 14:59:46 Patrick McHardy wrote:
> Tim Gardner wrote:
> > From 146111514a8c126268e848e45b7dd967329b072f Mon Sep 17 00:00:00 2001
> >
> > From: Tim Gardner <tim.gardner@xxxxxxxxxxxxx>
> > Date: Thu, 18 Feb 2010 20:33:00 -0700
> > Subject: [PATCH] xt_recent: Fix false match.
> > 
> > A rule with a zero hit_count will always match.
> 
> Also applied, thanks Tim.

I just updated from kernel 2.6.32.9 to kernel 2.6.32.10, which contains
the xt_recent "zero hit_count will always match" fix.

After that, xt_recent stopped working for this scenario:

iptables -A INPUT -m recent --rcheck --rdest --name INET_IP -j LOG
echo "+1.2.3.4" >/proc/net/xt_recent/INET_IP

The IP address 1.2.3.4 represents the current IP of my dial-up connection.

If I change "--rcheck" to "--update", it works again.
Reverting the patch fixes the issue.

Maybe this is related to the xt_recent proc interface creating the entry
(with a zero hit count)?

Cheers,
Thomas