[iptables -m recent]

Gregory D Hough mr6re9-mI4xJ4qlgtBiLUuM0BA3LQ at public.gmane.org
Fri Feb 17 21:56:16 UTC 2006


Gregory D Hough wrote:
> 
> It would be helpful debugging the script if there were a way to view 
> entries or a particular IP's status in the tables that the recent module 
> creates. Is this possible?
> -- 

I hope the line wrap is better this time as I attempt to answer my own 
question... The iptables man page in FC3 has nothing for the recent 
module even though it is available for use. The NetFilter site has some 
info and examples but I couldn't find a specific answer. This page 
offered a clue:

http://www.stearns.org/doc/adaptive-firewalls.current.html

QUOTE: "The proc filesystem holds a readable, and even modifiable, list 
of IP addresses in each of your lists. This allows you to manually add 
or remove IP's, clear the table, or do additional checks or logs from a 
userspace program."

So a simple 'cat /proc/net/ipt_recent/<NAME>' reveals the entire list.

FWIW - The default max --hitcount is 19 (20 resets to 0 and oldest hit 
time is dropped), the max number of named lists is 6 and the default 
number of IPs per list is 100 unless a value is specified on first load:

modprobe ipt_recent ip_list_tot=1000

Definitely a phun module!
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
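Added example, not part of Gregory's post: a small POSIX shell script that answers the original question ("a particular IP's status") by parsing a copy of the /proc/net/ipt_recent/<NAME> list rather than eyeballing the whole file. The line layout it assumes ("src=A.B.C.D ttl: T last_seen: J oldest_pkt: O last_pkts: J1, J2, ...") is the 2.6-era ipt_recent proc format as I remember it from the module source, not something stated on this page, so check it against your own kernel's output. The list contents, the list name BADGUYS, and the function names recent_entry and recent_hot are constructed for the example; a real run would point them at /proc/net/ipt_recent/<NAME> instead of the temp file.

```shell
#!/bin/sh
# Query an ipt_recent list copy for one IP, or list IPs over a hit threshold.
# ASSUMED proc line format (2.6-era ipt_recent, verify on your kernel):
#   src=A.B.C.D ttl: T last_seen: J oldest_pkt: O last_pkts: J1, J2, ...
# Fields: $1=src=IP $3=ttl $5=last_seen $7=oldest_pkt, timestamps after $8.
set -eu

# Constructed sample standing in for /proc/net/ipt_recent/BADGUYS (jiffies
# values are made up); a real run would read the proc file directly.
SAMPLE_LIST=$(mktemp)
trap 'rm -f "$SAMPLE_LIST"' EXIT
cat > "$SAMPLE_LIST" <<'EOF'
src=10.0.0.5 ttl: 64 last_seen: 4295123 oldest_pkt: 2 last_pkts: 4295123, 4295001, 4294900
src=192.0.2.77 ttl: 128 last_seen: 4295200 oldest_pkt: 1 last_pkts: 4295200
EOF

# recent_entry FILE IP
#   Prints "IP hits=N last_seen=J ttl=T" for that IP; exit 1 if absent.
#   "hits" is the number of packet timestamps stored for the address, i.e.
#   what --hitcount compares against.
recent_entry() {
    awk -v ip="$2" '
        BEGIN { key = "src=" ip; found = 0 }
        $1 == key {
            n = 0
            for (i = 1; i <= NF; i++) if ($i == "last_pkts:") n = NF - i
            printf "%s hits=%d last_seen=%s ttl=%s\n", ip, n, $5, $3
            found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# recent_hot FILE THRESHOLD
#   Prints one IP per line for every entry with at least THRESHOLD stored
#   hits: the addresses that would currently trip --hitcount THRESHOLD.
recent_hot() {
    awk -v thr="$2" '
        {
            n = 0
            for (i = 1; i <= NF; i++) if ($i == "last_pkts:") n = NF - i
            if (n >= thr) { sub(/^src=/, "", $1); print $1 }
        }
    ' "$1"
}

# Stand-alone demonstration against the constructed sample.
recent_entry "$SAMPLE_LIST" 10.0.0.5
recent_entry "$SAMPLE_LIST" 192.0.2.77
echo "--- entries with >= 2 hits ---"
recent_hot "$SAMPLE_LIST" 2
```

Run as root with the first argument replaced by /proc/net/ipt_recent/<NAME>; the same awk logic works on a saved copy of the file, which is handy when debugging a rule set after the fact.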