> On 2023-02-23 12:34, Kerin Millar wrote:
> On Thu, 23 Feb 2023 12:04:44 +0100 Fourhundred Thecat <400thecat@xxxxxx> wrote:
>
> The following option is detailed by iptables-extensions(8).
>
>     --exist
>         when adding an entry if it already exists, reset the timeout value
>         to the specified one or to the default from the set definition
OK, thank you. But now I have this problem:

I want to:

1) reset timeout if IP already in PORTSCAN
2) drop the packet

I wrote these 2 rules:

1) -A INPUT -j SET --add-set PORTSCAN src --timeout 3600 --exist
2) -A INPUT -m set --match-set PORTSCAN src -j DROP

but the problem is, rule 1) matches everything, not just IPs already in PORTSCAN. This basically adds everything to PORTSCAN.

How can I combine these two rules into one, so that I only reset IPs that are already in PORTSCAN?

I tried this (naively), but get error: unknown option "--exist"

-A INPUT -m set --match-set PORTSCAN src --exist -j DROP
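Added example, not part of the thread: the ruleset that addresses the question above, in iptables-save syntax. It assumes the set was created with timeout support (e.g. `ipset create PORTSCAN hash:ip timeout 3600`); since `--exist` belongs to the SET target rather than the set match, and SET is a non-terminating target, the refresh and the drop stay two rules, but the refresh is restricted by the same `-m set` match so only sources already in PORTSCAN are touched.

```iptables
# Added example (not from the thread). Assumes: ipset create PORTSCAN hash:ip timeout 3600
*filter
# Rule 1: refresh the timeout only for sources already in PORTSCAN.
# The set match limits which packets reach the SET target; --exist is a SET target option.
-A INPUT -m set --match-set PORTSCAN src -j SET --add-set PORTSCAN src --timeout 3600 --exist
# Rule 2: SET does not terminate rule traversal, so the drop still needs its own rule.
-A INPUT -m set --match-set PORTSCAN src -j DROP
COMMIT
```

Whatever rule populates PORTSCAN in the first place (the original rule 1 without a match) should sit on a more specific chain or match, otherwise every source is added before rule 2 is reached.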