tried: iptables -A OUTPUT -m recent --seconds 60 --name
bullshit --rdest -j DROP
iptables v1.2.7a: recent: you must specify one of `--set', `--check'
`--update' or `--remove'
tried adding --check according to error I received, because I want just
checking and not including/updating/excluding:
iptables -A OUTPUT -m recent --seconds 60 --name bullshit --rdest --check -j
DROP
iptables v1.2.7a: Unknown arg `--check'
OK, seems recent module doesnt have the --check option despite the 1st
rule error message :) Watching 'iptables -m recent --help' i think I should
be using --rcheck .... let's try ....
iptables -A OUTPUT -m recent --seconds 60 --name
bullshit --rdest --rcheck -j DROP
And it works !! :))
Stephen, thanks very much for your help and, just in case, please
correct the error message ( --check to --rcheck stuff ).
Sincerily,
Leonardo Rodrigues
----- Original Message -----
From: "Stephen Frost" <sfrost@snowman.net>
To: "Leonardo Rodrigues ( listas )" <leolistas@solucoesip.net>
Cc: "netfilter ML" <netfilter@lists.samba.org>
Sent: Saturday, January 25, 2003 4:21 PM
Subject: Re: question on recent module
> * Leonardo Rodrigues ( listas ) (leolistas@solucoesip.net) wrote:
> >
> > It's really not clear for me :) Could you give an example rule of
how an
> > destination address could be checked with recent module in an OUTPUT
rule
> > for example ? This is my situation ..... i want ALL packets whose
> > destination was matched for the last 60 seconds in a recent list called
> > 'bullshit'.
> >
> > iptables -A OUTPUT -m recent --seconds 60 --name bullshit
??????????????? -j
> > DROP
>
> --rdest for the rule above, that's it. Note that something else needs
> to actually populate that table, but I think you've got that figured out
> already...
