On Wed, Jun 27, 2007 at 11:07:38AM +0200, Patrick McHardy wrote:
> > I seem to be having a problem where a rule with --hitcount is matching
> > when there are fewer hits than is listed in the hitcount parameter.
>
> Which kernel version are you using?

2.4.22-1.2199.8.legacy.nptl

On Wed, Jun 27, 2007 at 12:41:46PM +0300, hdemir@xxxxxxxxxxx wrote:
> > The rules are in a chain that is only hit for incoming SSH connections.
> > E.g.: I have this rule in the INPUT chain:
> >
> > -m tcp --dport 22 -j service-ssh
>
> You are sending all the traffic to the port 22. Use -m state --state
> NEW, so that only new ssh connections can be updated.

I already tried that, but it made no difference (perhaps because
-m state --state ESTABLISHED,RELATED -j ACCEPT is higher in the INPUT chain).

Note from the iptables -vnL output that I showed that it only counted one
hit on the --set rule and a number of hits on the --update rule.

Regards,
Msquared...
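As an added example, not code from this thread or from the netfilter project: the rule set the reply above sketches, written out as a generator script so the rules can be reviewed before they are loaded. The chain name service-ssh and the ESTABLISHED,RELATED accept rule come from the thread; the list name SSH, the 60-second window and the threshold of 4 new connections are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): rate-limit new SSH connections with
# the iptables "recent" match. Prints the rules instead of applying them, so
# it can be read first and piped to sh as root once it looks right.
set -eu

CHAIN=service-ssh   # from the thread
NAME=SSH            # assumption: name of the recent list
WINDOW=60           # assumption: sliding window in seconds
HITS=4              # assumption: the HITS-th new connection inside WINDOW is dropped

ssh_rules() {
    # Established traffic is accepted first, so only the first packet of each
    # connection (state NEW) reaches the chain. Inside the chain, --set records
    # the source address and then --update checks whether that address has
    # appeared HITS times within WINDOW seconds (the current packet included,
    # because --set runs before --update).
    cat <<EOF
iptables -N $CHAIN
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j $CHAIN
iptables -A $CHAIN -m recent --name $NAME --set
iptables -A $CHAIN -m recent --name $NAME --update --seconds $WINDOW --hitcount $HITS -j DROP
iptables -A $CHAIN -j ACCEPT
EOF
}

show_list() {
    # Dump the kernel's view of the list to check what is really being counted.
    # Newer kernels expose it under xt_recent; older ones under ipt_recent.
    cat "/proc/net/xt_recent/$NAME" 2>/dev/null \
        || cat "/proc/net/ipt_recent/$NAME"
}

ssh_rules
```

Run it as `sh ssh-recent.sh` to review the rules, then `sh ssh-recent.sh | sudo sh` to load them. When the counters in `iptables -vnL service-ssh` look wrong, compare them with `show_list`: each entry shows the source address and its recorded hit timestamps, which is the data --hitcount is evaluated against. Note that a retransmitted SYN from a client that has not yet completed the handshake is still in state NEW, so it counts as an additional hit.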