On Thursday 2008-08-14 22:00, Grant Taylor wrote: > On 8/14/2008 8:53 PM, Jan Engelhardt wrote: >> Nope that would not work because the source and destination addresses are >> flipped on return packets, and then you even have the .255 thing. > > Ah. I forgot about the fact that recent only dealt with the source IP and that > you could not specify source or dest in the set / update / check parameters to > recent. :( You can specify --rsrc/--rdest (patch just merged that documents them). But somehow I am not sure... -A INPUT -d 192.168.0.255 -p udp --dport 161 -m recent --name snmp --rsrc --set -A OUTPUT -p udp --sport 161 -m recent --name snmp --rdest --rcheck Try? -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
