On Wed, Jun 27, 2007 at 05:00:43PM +0800, Msquared wrote:
> Hi people!
>
> I seem to be having a problem where a rule with --hitcount is matching
> when there are fewer hits than is listed in the hitcount parameter.
>
> I have the following two rules in a chain called service-ssh:
>
> -m recent --update --seconds 40 --hitcount 5 --name SSH --rsource -j DROP
> -m recent --set --name SSH --rsource -j ACCEPT
>
> The rules are in a chain that is only hit for incoming SSH connections.
> E.g. I have this rule in the INPUT chain:
>
> -m tcp --dport 22 -j service-ssh
>

You are sending all the traffic to port 22. Use -m state --state NEW, so that only new ssh connections can be updated.

hdemir.
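An added illustration, not part of the thread: a small Python model of the recent match's --update/--set behaviour, run over constructed traffic to show why the original INPUT rule ends up dropping a single legitimate SSH session while the --state NEW variant still catches repeated connection attempts. The packet shape, addresses, timestamps and the simplified per-packet semantics are assumptions of this example, not the module's own code.

```python
# Added example, not from the thread: a simplified model of iptables' "recent" match,
# showing why sending every port-22 packet to service-ssh trips --hitcount 5.
from collections import namedtuple

SECONDS, HITCOUNT = 40, 5          # values from the service-ssh chain
Packet = namedtuple("Packet", "src t new")   # source, arrival time (s), first packet?

class RecentList:
    """Per-source timestamps, standing in for the module's 'SSH' list (assumption)."""
    def __init__(self):
        self.stamps = {}

    def update(self, src, now):
        """--update --seconds S --hitcount N: match only if src is already listed
        with >= N stamps in the last S seconds; a match also records a new stamp."""
        seen = self.stamps.get(src)
        if seen is None:
            return False
        hits = sum(1 for s in seen if now - s <= SECONDS)
        if hits >= HITCOUNT:
            seen.append(now)
            return True
        return False

    def set(self, src, now):   # --set: always record a stamp for src
        self.stamps.setdefault(src, []).append(now)

def service_ssh(pkts, new_only):
    """One verdict per packet. new_only=True models the INPUT rule
    '-p tcp --dport 22 -m state --state NEW -j service-ssh'; SKIP means the
    packet belonged to an existing connection and never entered the chain."""
    lst, verdicts = RecentList(), []
    for p in pkts:
        if new_only and not p.new:
            verdicts.append("SKIP")
        elif lst.update(p.src, p.t):
            verdicts.append("DROP")
        else:
            lst.set(p.src, p.t)
            verdicts.append("ACCEPT")
    return verdicts

# Constructed traffic: one normal SSH session (SYN plus six data packets within
# 3 s) and one source opening six separate connections in 25 s.
SESSION = [Packet("192.0.2.10", 0.5 * i, i == 0) for i in range(7)]
SIX_CONNECTS = [Packet("198.51.100.7", 5.0 * i, True) for i in range(6)]

if __name__ == "__main__":
    print("all port-22 traffic:", service_ssh(SESSION, new_only=False))
    print("NEW only, 6 connects:", service_ssh(SIX_CONNECTS, new_only=True))
```

Without the state filter the session's own data packets fill the list and the sixth packet is dropped; with it, only connection attempts are counted, so the legitimate session passes and a source opening a sixth connection inside the 40 s window is still dropped.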