Pascal Hambourg wrote:
> J. Bakshi wrote:
>
>> Even after the blacklist interval the client can access the server
>> successfully; the server still shows the client ip as blacklisted.
>> Definitely the ip can be removed or "clear" as described in the man page
>> but storing the ip permanently at /proc/net/ipt_recent/blacklist is
>> very confusing. How can you then check if the ip is still blacklisted
>> or able to communicate with the server in real life?
>>
>
> The list just stores source addresses and timestamps (the big numbers,
> measured in jiffies) of recently seen packets in a FIFO manner. Whether
> a packet will match the rule with 'recent' depends on its options
> --seconds and/or --hitcount. So it is up to you to parse the timestamps
> associated to an address and decide whether this address is blacklisted
> or not.
>

Now I understand the technique. I have 2 questions here:

1> How is the timestamp calculated here? It might be possible to generate it through the date command.

2> How long are these entries kept at /proc/net/ipt_recent/? Any way to modify that interval?

Thanks
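
The timestamp parsing described in the quoted reply, as an added example that is not part of the original thread: it reads one list entry, converts each jiffies stamp to an age, and applies a `--seconds`/`--hitcount` window to decide whether a rule would still match. The `/proc` line layout, the HZ value, the current jiffies value and the sample entry are assumptions or constructed values; all function names are hypothetical.

```python
import re

# Assumed line layout of /proc/net/ipt_recent/<list> (not shown in the thread):
#   src=<addr> ttl: <n> last_seen: <jiffies> oldest_pkt: <n> <stamp>, <stamp>, ...
LINE_RE = re.compile(
    r"src=(?P<src>\S+)\s+ttl:\s*\d+\s+last_seen:\s*(?P<last>\d+)"
    r"\s+oldest_pkt:\s*\d+\s*(?P<stamps>[\d,\s]*)$"
)

def parse_entry(line):
    """Return (source address, list of jiffies stamps) for one list line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("unrecognised entry: %r" % line)
    stamps = [int(s) for s in m.group("stamps").replace(",", " ").split()]
    # Fall back to last_seen if the per-packet stamps are absent.
    return m.group("src"), stamps or [int(m.group("last"))]

def age_seconds(stamp, now_jiffies, hz, bits=64):
    """Age of a stamp; modular subtraction survives jiffies wrap-around."""
    return ((now_jiffies - stamp) % (1 << bits)) / hz

def would_match(line, now_jiffies, hz, seconds=0, hitcount=0, bits=64):
    """True if enough stamps fall inside the --seconds window to reach --hitcount."""
    _, stamps = parse_entry(line)
    if seconds:
        stamps = [s for s in stamps
                  if age_seconds(s, now_jiffies, hz, bits) <= seconds]
    # With no --hitcount, a single stamp inside the window is enough.
    return len(stamps) >= max(hitcount, 1)

# Constructed sample entry and clock values (HZ and NOW are assumptions;
# the caller has to supply the kernel's real tick rate and current jiffies).
SAMPLE = ("src=192.0.2.10 ttl: 64 last_seen: 4295030000 oldest_pkt: 3 "
          "4295000000, 4295020000, 4295030000")
HZ = 250
NOW = 4295040000

if __name__ == "__main__":
    src, stamps = parse_entry(SAMPLE)
    for s in stamps:
        print(src, s, "%.0fs ago" % age_seconds(s, NOW, HZ))
    print("matches --seconds 60:", would_match(SAMPLE, NOW, HZ, seconds=60))
    print("matches --seconds 30:", would_match(SAMPLE, NOW, HZ, seconds=30))
```

An address that is still listed in the file but for which `would_match` returns false is one the rule no longer blocks, which is the situation described in the original question.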