[iptables -m recent]
Gregory D Hough
mr6re9-mI4xJ4qlgtBiLUuM0BA3LQ at public.gmane.org
Fri Feb 17 21:56:16 UTC 2006
Gregory D Hough wrote:
>
> It would be helpful debugging the script if there were a way to view
> entries or a particular IP's status in the tables that the recent module
> creates. Is this possible?
> --
I hope the line wrap is better this time as I attempt to answer my own
question... The iptables man page in FC3 has nothing for the recent
module even though it is available for use. The NetFilter site has some
info and examples but I couldn't find a specific answer. This page
offered a clue:
http://www.stearns.org/doc/adaptive-firewalls.current.html
QUOTE: "The proc filesystem holds a readable, and even modifiable, list
of IP addresses in each of your lists. This allows you to manually add
or remove IP's, clear the table, or do additional checks or logs from a
userspace program."
So a simple 'cat /proc/net/ipt_recent/<NAME>' reveals the entire list.
FWIW - The default max --hitcount is 19 (20 resets to 0 and the oldest hit
time is dropped), the max number of named lists is 6 and the default
number of IPs per list is 100 unless a value is specified on first load:
modprobe ipt_recent ip_list_tot=1000
Definitely a phun module!
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
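Added example (editor's code, not part of Gregory's post or the stearns.org page): a small POSIX shell helper that answers the original question, "what is a particular IP's status in a recent list", by parsing the /proc/net/ipt_recent/<NAME> files the post points at. The entry layout it parses ("src=A.B.C.D ttl: N last_seen: T oldest_pkt: I" followed by the hit timestamps, with or without the older "last_pkts:" label), the write syntax for adding/removing/flushing entries ("+addr", "-addr", "clear", or "/" on newer xt_recent), the /sys/module/.../parameters path for reading ip_list_tot, and the function names are all assumptions drawn from the ipt_recent/xt_recent sources, so check the real file on your own kernel first. The sample table is constructed, not captured from a live host, and mixes both layouts only to show that the parser handles either.

```shell
#!/bin/sh
# Added example, not from the original post. Inspect and manipulate the
# per-list tables kept by the iptables "recent" match via its proc files.
# ASSUMPTIONS: the proc entry layout, the write commands and the /sys path
# are taken from the ipt_recent/xt_recent sources, not from the post.

RECENT_DIR=${RECENT_DIR:-/proc/net/ipt_recent}   # assumed default location

# recent_status <file> <ip>  ->  "<hits> <last_seen>"  or  "absent"
# Hit timestamps are every numeric field after "oldest_pkt: <index>"; the
# old layout labels them "last_pkts:", the new one does not, so we just
# skip the index value and count numeric fields (commas allowed).
recent_status() {
    awk -v ip="$2" '
        $1 == ("src=" ip) {
            n = 0; seen = 0; last = "?"
            for (i = 2; i <= NF; i++) {
                if ($i == "last_seen:") last = $(i + 1)
                if (seen && $i ~ /^[0-9]+,?$/) n++
                if ($i == "oldest_pkt:") { seen = 1; i++ }   # skip index
            }
            print n, last; found = 1; exit
        }
        END { if (!found) print "absent" }
    ' "$1"
}

# recent_over <file> <n>  ->  "<ip> <hits>" for every entry with >= n hits.
# Useful for seeing who is about to trip a --hitcount/--seconds rule.
recent_over() {
    awk -v min="$2" '
        /^src=/ {
            n = 0; seen = 0
            for (i = 2; i <= NF; i++) {
                if (seen && $i ~ /^[0-9]+,?$/) n++
                if ($i == "oldest_pkt:") { seen = 1; i++ }
            }
            if (n >= min) print substr($1, 5), n
        }
    ' "$1"
}

# Writable side of the proc interface (assumed syntax; "clear" is the old
# ipt_recent flush command, newer xt_recent uses "/"). Needs root.
recent_add()    { printf '+%s\n' "$2" > "$RECENT_DIR/$1"; }
recent_remove() { printf -- '-%s\n' "$2" > "$RECENT_DIR/$1"; }
recent_clear()  { printf 'clear\n' > "$RECENT_DIR/$1"; }

# recent_param <name>  ->  current value of a module parameter such as
# ip_list_tot (the one the post sets with modprobe), if the kernel exposes it.
recent_param() {
    for m in ipt_recent xt_recent; do
        f=/sys/module/$m/parameters/$1
        [ -r "$f" ] && { cat "$f"; return 0; }
    done
    echo "unknown"
}

# Constructed sample table (NOT from a real host): lines 1-2 use the older
# "last_pkts:" layout, line 3 the newer one. 10.0.0.5 has four hits.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
src=10.0.0.5 ttl: 64 last_seen: 4294867296 oldest_pkt: 3 last_pkts: 4294867296, 4294867200, 4294867100, 4294867000
src=10.0.0.9 ttl: 128 last_seen: 4294860000 oldest_pkt: 0 last_pkts: 4294860000
src=192.0.2.77 ttl: 51 last_seen: 4294861234 oldest_pkt: 1 4294861234, 4294861000
EOF

# Demo against the sample, then against any real lists present.
echo "10.0.0.5: $(recent_status "$SAMPLE" 10.0.0.5)"
echo "entries with >= 2 hits:"; recent_over "$SAMPLE" 2
echo "ip_list_tot: $(recent_param ip_list_tot)"
for f in "$RECENT_DIR"/*; do
    [ -f "$f" ] || continue
    echo "== $f"; recent_over "$f" 1
done
```

Point RECENT_DIR at /proc/net/xt_recent on kernels that renamed the module, and compare recent_over output against the --hitcount in your rule to see which sources are one packet away from being blocked.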