On CentOS:

rmmod xt_recent
modprobe xt_recent ip_list_tot=5000

will increase it to 5000 ;) (to run rmmod you need to remove the rules using recent before proceeding)

On 16/07/2012 15:12, richard lucassen wrote:
> Hello list,
>
> Here are two "recent" rules:
>
> /usr/sbin/iptables -A INPUT -p tcp --dport 25 -m recent \
> --update --seconds 60 --hitcount 5 --name smtp -j LOG_REJECT
>
> /usr/sbin/iptables -A INPUT -p tcp --dport 25 -m recent --set \
> --name smtp -j ACCEPT
>
> When telnetting for the first time to port 25, the source IP appears in
>
> /proc/net/xt_recent/smtp
>
> So far, so good. But there are 100 entries according to the manpage:
>
> $ wc -l /proc/net/xt_recent/smtp
> 100
>
> Correct. OTOH, I'm sure that within seconds the 100 entries will be
> exceeded, according to the number of connections set up to the smtp
> server:
>
> # tcpdump -ni eth0 \
> 'dst host 10.1.193.3 and tcp port 25 and tcp[13] == 2'
> (outputs a few per second)
>
> And according to /proc/net/ip_conntrack there are more than 100 entries
> to 25/tcp.
>
> Where are the entries 101 and higher in /proc/net/xt_recent/smtp?
> Are they ignored? Or is the oldest automagically purged?
>
> And when is an entry purged when the --reap is not used? Or does it
> behave like a round robin FIFO?
>
> R.
>

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
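As an added example (not code from either poster), a POSIX shell check of how full each xt_recent table is against the module's ip_list_tot limit: once a table holds ip_list_tot entries, the kernel makes room for a new source by evicting the least recently seen one, so a table that sits at the limit is quietly forgetting addresses. The sysfs/procfs paths are the real ones; the sample table and parameter file are constructed so the functions can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the thread): report how full each xt_recent table
# is relative to the module's ip_list_tot limit, so the limit can be raised
# before full-table LRU eviction silently replaces tracked sources.
# Paths default to the real sysfs/procfs locations and are overridable so the
# functions can be exercised against constructed sample data.

# Current table size limit (the kernel default is 100).
recent_limit() {
    param="${1:-/sys/module/xt_recent/parameters/ip_list_tot}"
    if [ -r "$param" ]; then cat "$param"; else echo 100; fi
}

# Tracked sources in one table: each "src=..." line is one entry.
recent_entries() {
    grep -c '^src=' "$1" || true
}

# Print "<table> <entries>/<limit> <percent>%" per table; return 1 when any
# table is at 90% or more of the limit, i.e. when it is time to reload with
# "rmmod xt_recent; modprobe xt_recent ip_list_tot=N" (rules flushed first).
recent_check() {
    dir="${1:-/proc/net/xt_recent}"
    limit="$(recent_limit "$2")"
    status=0
    for table in "$dir"/*; do
        [ -f "$table" ] || continue
        n="$(recent_entries "$table")"
        pct=$(( n * 100 / limit ))
        printf '%s %s/%s %s%%\n' "$(basename "$table")" "$n" "$limit" "$pct"
        [ "$pct" -ge 90 ] && status=1
    done
    return "$status"
}

# Constructed sample: <dir>/tables/smtp with N entries in the line format the
# kernel's xt_recent uses, plus <dir>/ip_list_tot standing in for the sysfs
# parameter (value 100, the default).
make_sample() {
    mkdir -p "$1/tables"
    : > "$1/tables/smtp"
    i=1
    while [ "$i" -le "$2" ]; do
        echo "src=10.1.193.$i ttl: 64 last_seen: 4294800000 oldest_pkt: 1 4294800000" >> "$1/tables/smtp"
        i=$((i + 1))
    done
    echo 100 > "$1/ip_list_tot"
}
```

On a live host run `recent_check` as root with no arguments; `make_sample` exists only to exercise the functions against constructed data.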