Jan Engelhardt wrote:
> On May 10 2007 15:20, Patrick McHardy wrote:
>
>>>And the following cmd oopsed it:
>>>
>>> # iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW
>>> -j sshcheck;
>>
>>
>>I believe this is a bug in the compat code, which *seems* to call (it's
>>a bit messy, I just had a quick look) the destroy function without
>>having called checkentry previously when something goes wrong. Which
>>commands did you run before this?
>
>
> A lot ... as far as the filter table and sshcheck is concerned,
>
> iptables -N sshcheck;
> iptables -A sshcheck -m recent --name sshcheck --seconds 60 --update -j DROP;
> iptables -A sshcheck -m hashlimit --hashlimit-name sshcheck \
> --hashlimit-mode srcip --hashlimit 4/min --hashlimit-burst 4 \
> -j RETURN;
> iptables -A sshcheck -m recent --name sshcheck --set -j DROP;

Did you get an "invalid size" message in the ringbuffer before the oops?