On Sun, 15 May 2005, Patrick Nelson wrote:
iptables -A SSH_Brute_Force -m recent --name SSH ! --rcheck --seconds 60 -m recent --hitcount 4 --set --name SSH -j RETURN
is a integral part of his method. I have the same output to the command iptables -m recent -h as others here:
<snip>
recent v1.2.11 options:
[!] --set Add source address to list, always matches.
[!] --rcheck Match if source address in list.
[!] --update Match if source address in list, also update last-seen time.
[!] --remove Match if source address in list, also removes that address from list.
--seconds seconds For check and update commands above.
Specifies that the match will only occur if source address last seen within the last 'seconds' seconds.
--hitcount hits For check and update commands above.
Specifies that the match will only occur if source address seen hits times.
<snip>
And I get the same output from Grant's recent command of:
iptables v1.2.11: Unknown arg `4' Try `iptables -h' or 'iptables --help' for more information.
If the doc is to be believed then --hitcount is only valid with --remove and --update. IOW, it's not valid with --set and --rcheck.
