On Mon, 3 Nov 2014, Pietro Paolini wrote:

> -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m
> recent --update --seconds 1800 --hitcount 5 --name ssh-defensive
> --rsource -j DROP

> Chain INPUT (policy ACCEPT 81 packets, 8996 bytes)
> pkts bytes target prot opt in out source
> destination
> 1 52 LOG tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 state NEW tcp dpt:22 LOG flags 0 level 4

> I expected to see more packets, what about the TCP handshake ?

-m state --state NEW means "the first packet in the connection", aka
mostly the TCP SYN - not the rest, like SYN-ACK and following.

c'ya
sven-haegar

--
Three may keep a secret, if two of them are dead.
- Ben F.
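The behaviour described in the reply, as an added example that is not part of the original thread: a simplified Python model (not kernel code) of how connection tracking labels packets NEW or ESTABLISHED, and how many packets of one SSH connection a `--dport 22 --state NEW` rule in INPUT would count. The addresses, ports, function names and packet traces are constructed for illustration; the model assumes a flow stays NEW until a packet is seen in the reply direction.

```python
# Simplified model of conntrack state matching (assumption: not the kernel's code).
# A flow is NEW until traffic has been seen in both directions.

SERVER = "192.0.2.10"    # constructed address (TEST-NET-1)
CLIENT = "198.51.100.7"  # constructed address (TEST-NET-2)


def pkt(src, sport, dst, dport, flags):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}


# Constructed trace of one SSH connection: handshake plus one data exchange.
TRACE = [
    pkt(CLIENT, 40000, SERVER, 22, "SYN"),
    pkt(SERVER, 22, CLIENT, 40000, "SYN,ACK"),
    pkt(CLIENT, 40000, SERVER, 22, "ACK"),
    pkt(CLIENT, 40000, SERVER, 22, "PSH,ACK"),
    pkt(SERVER, 22, CLIENT, 40000, "PSH,ACK"),
]

# Same connection, but the client retransmits its SYN before any reply arrives.
TRACE_RETRANSMIT = [TRACE[0]] + TRACE


def classify(packets):
    """Return [(packet, state)] with state 'NEW' or 'ESTABLISHED'."""
    flows = {}  # endpoint pair -> {"orig": originator endpoint, "replied": bool}
    result = []
    for p in packets:
        src, dst = (p["src"], p["sport"]), (p["dst"], p["dport"])
        key = frozenset((src, dst))
        flow = flows.setdefault(key, {"orig": src, "replied": False})
        if src != flow["orig"]:
            flow["replied"] = True  # first reply moves the flow out of NEW
        result.append((p, "ESTABLISHED" if flow["replied"] else "NEW"))
    return result


def input_new_ssh_hits(packets, server=SERVER):
    """Packets an INPUT rule '-p tcp --dport 22 -m state --state NEW' would match."""
    return [p for p, state in classify(packets)
            if p["dst"] == server and p["dport"] == 22 and state == "NEW"]


if __name__ == "__main__":
    for p, state in classify(TRACE):
        print(f'{p["src"]}:{p["sport"]} -> {p["dst"]}:{p["dport"]} [{p["flags"]}] {state}')
    print("rule hits:", len(input_new_ssh_hits(TRACE)))
```

A retransmitted SYN is still NEW in this model because no reply has been seen yet, which is why the reply says "mostly" the TCP SYN rather than exactly one packet per connection.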