Re: idea for iptables

On Tue, 9 Nov 2004, Craig Sanders wrote:

> it would be useful when Appending or Inserting a rule into a chain, to be able
> to specify an expiry time for that rule, so that it was automatically deleted
> after N seconds, e.g. "--rule_expire 3600" for 1 hour, or "--rule_expire 86400"
> for 1 day.
>
> that would be very handy for writing log-watcher scripts (see below for
> example) without having to worry about cleaning up old rules - just Insert the
> rule with the desired expiry time and forget about it.

ipset would be more appropriate for the given task:

- single, static iptables rule:

	/sbin/iptables -I INPUT -m set --set spammers src -j DROP

- dynamically maintained 'spammers' set

Unfortunately the new ipset package is still not ready yet :-((

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
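
A sketch of the "dynamically maintained set" half of this suggestion, added here as an example and not part of the original message. It assumes the per-entry `timeout` support and the `--match-set` option of current ipset/iptables releases, which postdate this thread; the threshold, the ban time and the Postfix-style log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn mail-log rejects into timed entries for the 'spammers' set.
SET_NAME="spammers"   # set name used in the message above
BAN_SECONDS=3600      # assumption: 1 hour, as in the quoted request
THRESHOLD=2           # assumption: rejects needed before an address is listed

# One-time setup as root (not run by this script):
#   ipset create spammers hash:ip timeout 3600
#   iptables -I INPUT -m set --match-set spammers src -j DROP

# Read log lines on stdin; print one "ipset add" per offending IPv4 source.
emit_ipset_cmds() {
    awk -v set="$SET_NAME" -v ttl="$BAN_SECONDS" -v min="$THRESHOLD" '
        / reject: / && match($0, /from [^ ]*\[[0-9.]+\]/) {
            ip = substr($0, RSTART, RLENGTH)
            sub(/^.*\[/, "", ip); sub(/\]$/, "", ip)
            # Accept only well-formed dotted quads, so nothing taken
            # from the log can become anything but an address argument.
            n = split(ip, o, "."); ok = (n == 4)
            for (i = 1; i <= n; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (ok) hits[ip]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min)
                    printf "ipset add %s %s timeout %d -exist\n", set, ip, ttl
        }' | sort
}

# Constructed sample input (documentation addresses, not real log data).
sample_log() {
    cat <<'EOF'
Nov  9 10:00:01 mx postfix/smtpd[101]: connect from unknown[192.0.2.10]
Nov  9 10:00:02 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 denied
Nov  9 10:00:03 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 denied
Nov  9 10:00:04 mx postfix/smtpd[102]: NOQUEUE: reject: RCPT from a.example[198.51.100.7]: 554 denied
Nov  9 10:00:05 mx postfix/smtpd[103]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 denied
Nov  9 10:00:06 mx postfix/smtpd[103]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 denied
Nov  9 10:00:07 mx postfix/smtpd[104]: NOQUEUE: reject: RCPT from unknown[999.0.2.1]: 554 denied
Nov  9 10:00:08 mx postfix/smtpd[104]: NOQUEUE: reject: RCPT from unknown[999.0.2.1]: 554 denied
EOF
}

sample_log | emit_ipset_cmds
```

Piping the printed commands to `sh` as root applies them. The set drops each address on its own once the timeout runs out, so the single iptables rule never changes and no cleanup job is needed.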

