Quick backstory. I recently took over an unused project from a co-worker who left over a year ago. The idea was to block IPs that reached a certain hit_count limit within a minute. When this was enabled, it worked... sort of. While iptables was keeping track of IPs, we weren't able to block when tests were performed. The reason had something to do with IPs in a "buffer pool" (??) being knocked out when new IPs were tracked? I don't have the actual issue as he never documented it. I'm guessing that while iptables was keeping track of hit_counts, the list grew so big that it had to bump out IPs at the end of the list to track new ones. This is the best I can do to describe this and wondered if anyone knows about this. I don't have a name that allows me to research this so it's been difficult to find a solution.
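Added example, not from the post or from the netfilter project: it assumes the hit-count tracking described is iptables' recent match (xt_recent), whose per-table entry limit is the module parameter ip_list_tot (default 100, read-only at runtime, so it is set in modprobe.d); when a table is full the least recently seen address is evicted to make room for a new one. The table name, port and thresholds below are made up.

```shell
#!/bin/sh
# Helpers for sizing and emitting an xt_recent based per-source rate limit.
# ip_list_tot is the maximum number of addresses one recent table holds; once
# it is reached, tracking a new source evicts the least recently seen entry.

# Current table size: read from the loaded module when available, otherwise
# the compiled-in default of 100 so the helpers also work offline.
recent_table_size() {
  p=/sys/module/xt_recent/parameters/ip_list_tot
  if [ -r "$p" ]; then cat "$p"; else echo 100; fi
}

# Return 0 when a table of $2 entries can hold $1 concurrently active sources
# without evicting live entries, 1 otherwise.
table_fits() {
  [ "$1" -le "$2" ]
}

# modprobe.d line that raises the table limit; ip_list_tot cannot be changed
# through sysfs, so the module must be reloaded for this to take effect.
recent_modprobe_options() {
  echo "options xt_recent ip_list_tot=$1"
}

# Rule pair for "drop a source after $2 hits within $3 seconds on tcp/$4",
# tracked in the named table $1. The --update rule matches sources already in
# the table and refreshes their timestamp; new sources fall through to --set.
recent_rules() {
  printf 'iptables -A INPUT -p tcp --dport %s -m recent --name %s --update --seconds %s --hitcount %s -j DROP\n' "$4" "$1" "$3" "$2"
  printf 'iptables -A INPUT -p tcp --dport %s -m recent --name %s --set -j ACCEPT\n' "$4" "$1"
}

# Constructed scenario: 5 hits per minute on port 22, 4096 expected sources.
main() {
  size=$(recent_table_size)
  if ! table_fits 4096 "$size"; then
    echo "# table holds $size entries; raise it before relying on hitcount:"
    recent_modprobe_options 4096
  fi
  recent_rules sshlimit 5 60 22
}
```

Run `main` on the host to see whether the loaded table is large enough for the expected source count and to print the rules; nothing is applied by the script itself.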