On Mon, 26 May 2008 14:40:02 +0200 (CEST), Jan Engelhardt <jengelh@xxxxxxxxxx> wrote:

> On Thursday 2008-05-22 17:16, Akhil Sharma wrote:
>
>> Question: in ipt_recent, if a client is added to a hitlist
>> (/proc/net/ipt_recent/hitlist) after having violated a rule of sending
>> over 10 packets in a minute, how long is the entry maintained in the
>> list? Does it ever get removed from the hitlist? Instead, would it just
>> track the last time the packets arrived and never get removed from the
>> hitlist until the PC is rebooted?
>
> The list keeps a number of timestamps the client last sent a packet (at
> least it seems so); when a new timestamp is added to the head of the
> list, one gets evicted at the tail if the list has already reached
> its maximum length.
> Whether or not a packet subsequently matches the rule depends not on the
> number of timestamp values recorded, but on the parameter you specified
> in your rule (--seconds, etc.).

As a matter of fact, on a local network, you can remove yourself from the list by overloading the table with spoofed addresses, since by default a table remembers ip_list_tot=100 IP addresses, and then attempt a new connection with your own IP :p! It works fine.

---
Franck Joncourt
http://www.debian.org/ - http://smhteam.info/wiki/
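A constructed Python model of the table behaviour described in this thread (an added example; not the kernel's xt_recent code and not something posted by the list members): it tracks at most ip_list_tot addresses in least-recently-seen order, so --set on a full table evicts the oldest entry, which is why a burst of other sources can push an address out and why raising the ip_list_tot module parameter changes the outcome. The --seconds/--hitcount matching is simplified, and the addresses and timestamps are made up for the demonstration.

```python
from collections import OrderedDict


class RecentTable:
    """Simplified model of an ipt_recent/xt_recent table (defaults: 100 addresses,
    20 timestamps per address). Entries sit in LRU order; the tail is evicted."""

    def __init__(self, ip_list_tot=100, ip_pkt_list_tot=20):
        self.ip_list_tot = ip_list_tot
        self.ip_pkt_list_tot = ip_pkt_list_tot
        self.entries = OrderedDict()  # addr -> timestamps, newest first

    def set(self, addr, now):
        """--set: record a hit, adding the address and evicting the LRU tail if full."""
        if addr in self.entries:
            stamps = self.entries.pop(addr)
        else:
            if len(self.entries) >= self.ip_list_tot:
                self.entries.popitem(last=False)  # evict least recently seen address
            stamps = []
        stamps.insert(0, now)
        del stamps[self.ip_pkt_list_tot:]  # keep only the newest timestamps
        self.entries[addr] = stamps  # re-insert at the most-recently-seen end

    def check(self, addr, now, seconds, hitcount, update=False):
        """--rcheck/--update --seconds S --hitcount H: match when the address is
        tracked and at least H of its timestamps fall within the last S seconds."""
        stamps = self.entries.get(addr)
        if stamps is None:
            return False
        matched = sum(1 for t in stamps if now - t <= seconds) >= hitcount
        if matched and update:
            self.set(addr, now)  # --update also refreshes the entry
        return matched


def eviction_demo(ip_list_tot, flood_sources=100):
    """Return (before, after): whether the constructed client 10.0.0.5 still matches
    a 10-packets-per-minute rule before and after `flood_sources` other addresses
    hit the table. With the default ip_list_tot=100 the client entry is evicted."""
    table = RecentTable(ip_list_tot=ip_list_tot)
    client = "10.0.0.5"
    for t in range(10):  # ten packets within ten seconds
        table.set(client, now=t)
    before = table.check(client, now=11, seconds=60, hitcount=10)
    for i in range(flood_sources):  # constructed burst of distinct other sources
        table.set(f"10.1.{i // 256}.{i % 256}", now=12)
    after = table.check(client, now=13, seconds=60, hitcount=10)
    return before, after
```

Comparing eviction_demo(100) with eviction_demo(1000) shows the entry surviving only when ip_list_tot exceeds the number of other addresses seen in the window.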