* per j (perj8@hotmail.com) wrote: > I'm using vanilla kernel 2.0.43 with patches from patch-o-matic CVS > (Jan24,2003), openmosix, super-freeS/WAN, ipt_recent 0.2.7 > (ipt_recent-0.2.6.tar.gz). And netfilter stuff all built as modules. You're using 2.0.43? iptables was introduced in 2.4... > Here are the rules in my iptables 1.2.7a: > INPUT chain (default DROP): > -j ACCEPT -i ppp0 --state ESTABLISHED,RELATED > -j DROP -i ppp0 -m recent --update --rttl --name recentDropBox > -j LOG -i ppp0 --log-prefix recentDropBox -m limit > -j DROP -i ppp0 -m recent --set --name recentDropBox First you might try adding --rttl to the --set line. I'll also go back and check my code in that area... Using the latest ipt_recent, can you paste what you see in /proc/net/ipt_recent/recentDropBox? There could certainly be a problem in that area as the TTL match has been tested less... Stephen
Attachment:
pgp00314.pgp
Description: PGP signature
