On Fri, 14 Jun 2024 at 17:24, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> On Fri, Jun 14, 2024 at 05:16:41PM +0200, Phil Sutter wrote:
> > Support tracking of up to 65535 packets per table entry instead of just
> > 255 to better facilitate longer term tracking or higher throughput
> > scenarios.
>
> Could you develop a bit more the use case to expand this? Do you have
> an example rule for me?
>
> > Requested-by: Fabio <pedretti.fabio@xxxxxxxxx>
> > Link: https://bugzilla.netfilter.org/show_bug.cgi?id=1745
>
> Hm, original bug report only refers to documentation update?

I indeed opened the bug report mostly for the documentation, but also
wrote there:
"or, even better, make it possible to use a bigger value, since it is
useful to detect longer duration abuses"

I was trying to use the recent module to log IPs which generate lots
of new connections from the internal network, to detect misbehaving
clients (examples: misconfigured clients, torrent clients).
Given the recent limit of 255 I tried hashlimit, however I found the
recent module seems simpler and better to set up, perfect for the job,
also it has --set, --rcheck, --update and --reap options, to set
different trigger values to detect and keep IPs in the table.

Thanks.
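The kind of logging rule described in the message above, as an added example that is not part of the thread and is not Fabio's or the netfilter project's own ruleset: a shell function that emits an `iptables-restore` fragment for the recent match and refuses a hit count above the per-entry limit. The chain name `NEWCONN`, list name `newconn`, log prefix, interface and thresholds are assumptions.

```shell
#!/bin/sh
# Added example: generate an iptables-restore fragment that logs LAN sources
# opening too many NEW connections, using the "recent" match.
# Assumed names: chain NEWCONN, list "newconn", the log prefix.

# Per-entry limit discussed in the thread: 255 today, 65535 with the patch.
RECENT_MAX_HITS=${RECENT_MAX_HITS:-255}

# recent_ruleset IFACE HITCOUNT SECONDS
# Prints the fragment on stdout. Returns 2 on malformed input and 1 when
# HITCOUNT is above RECENT_MAX_HITS (such a rule would be rejected on load).
recent_ruleset() {
    iface=$1 hits=$2 secs=$3
    case $iface in ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 2;; esac
    case $hits in ''|*[!0-9]*) echo "hitcount must be a number" >&2; return 2;; esac
    case $secs in ''|*[!0-9]*) echo "seconds must be a number" >&2; return 2;; esac
    if [ "$hits" -gt "$RECENT_MAX_HITS" ]; then
        echo "hitcount $hits exceeds per-entry limit $RECENT_MAX_HITS" >&2
        return 1
    fi
    # xt_recent must also be loaded with ip_pkt_list_tot >= HITCOUNT.
    cat <<EOF
*filter
:NEWCONN - [0:0]
# Record the source address of every new connection.
-A NEWCONN -m recent --name newconn --set --rsource
# Log sources seen HITCOUNT times within SECONDS; --reap purges stale entries.
-A NEWCONN -m recent --name newconn --rcheck --seconds $secs --hitcount $hits --reap --rsource -j LOG --log-prefix "newconn-abuse: "
# Hook the chain for new connections arriving from the internal interface.
-A FORWARD -i $iface -m conntrack --ctstate NEW -j NEWCONN
COMMIT
EOF
}
```

Load the output with `iptables-restore --noflush` so existing rules are kept; loading it a second time appends another copy of the `FORWARD` jump.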