Re: SSH Brute force attacks - Script version 1.0

On 6/25/05, Marius Mertens <marius.mertens@xxxxxx> wrote:
> > (3) Also, is this the only position for the negation that makes the
> > rule work as intended?
> 
> Yes, you are telling the recent module to do an rcheck in the list,
> the --seconds and --hitcount just specify further criteria for that rcheck.
> The negation belongs to the whole rcheck construct, you cannot invert just
> single comparisons within that. Btw, be careful there, at least with my
> installation an incorrectly placed "!" does not trigger an error message,
> but is just ignored, so your rule might do the opposite of what you wanted
> it to do. For details and where negations are valid you can also have a look
> at "iptables -m recent --help"

Ah, indeed that command shows that --seconds and --hitcount cannot
take a negation.  I was going by
http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-3.html#ss3.16
which shows that almost all options can take a negation.  Reading the
fine manual was my downfall. =)

Thank you for the informative response.
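
A check for the pitfall discussed above, as an added example that is not part of the original message: a small linter that flags a "!" placed directly before --seconds or --hitcount in "-m recent" rules, where the thread notes a misplaced negation may be silently ignored. The sample rules and the function name lint_recent_negation are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Per the thread, only the list
# operation (e.g. --rcheck) of the recent match can be negated; --seconds
# and --hitcount cannot, and a misplaced "!" may be ignored without an error.

# Reads rule lines on stdin (a firewall script or similar text), prints
# "LINE: message" for each suspicious rule, and returns 1 if any rule was
# flagged, 0 otherwise.
lint_recent_negation() {
    awk '
        $1 ~ /^#/ { next }    # skip comment lines
        {
            uses_recent = 0; bad_opt = ""
            for (i = 1; i < NF; i++) {
                # Rule loads the recent match.
                if (($i == "-m" || $i == "--match") && $(i + 1) == "recent") { uses_recent = 1 }
                # "!" sits directly in front of an option that cannot be negated.
                if ($i == "!" && ($(i + 1) == "--seconds" || $(i + 1) == "--hitcount")) { bad_opt = $(i + 1) }
            }
            if (uses_recent && bad_opt != "") {
                printf "%d: \"!\" before %s is not a valid negation: %s\n", NR, bad_opt, $0
                flagged = 1
            }
        }
        END { exit (flagged ? 1 : 0) }
    '
}

# Constructed sample rules: line 2 negates the whole rcheck (valid placement),
# line 3 puts the "!" in front of --seconds (the mistake to catch).
SAMPLE_RULES='iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name SSH --set
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name SSH ! --rcheck --seconds 60 --hitcount 4 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name SSH --rcheck ! --seconds 60 --hitcount 4 -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | lint_recent_negation || echo "misplaced negation found"
```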


