Discussion:
problem with recent module
Samuel Rios Carvalho
2013-03-06 16:58:32 UTC
Dear,

I'm on Debian 6.0.6 with kernel 2.6.32-5-xen-amd64.


I want to use these iptables lines:

/sbin/iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
/sbin/iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 30 -j DROP

I found that hitcount by default is 20. I need at least 30.

I added this line to /etc/modprobe.d/options (I created this file):

options ipt_recent ipt_pkt_list_tot=30

So I restarted the server and ran those two iptables lines, but dmesg
shows this error and the module doesn't load:

xt_recent: Unknown parameter `ipt_pkt_list_tot'

Do you have any solution for this?

Thanks

Samuel Rios Carvalho
green
2013-03-06 17:47:51 UTC
Post by Samuel Rios Carvalho
I found that hitcount by default is 20. I need at least 30.
I added this line to /etc/modprobe.d/options (I created this file):
options ipt_recent ipt_pkt_list_tot=30
So I restarted the server and ran those two iptables lines, but dmesg
shows this error and the module doesn't load:
xt_recent: Unknown parameter `ipt_pkt_list_tot'
You should not need to use any special module parameters. Just
specify all parameters in your iptables rule according to the `recent`
module documentation in the iptables manual.
Samuel Rios Carvalho
2013-03-06 18:30:23 UTC
I restarted the server without options for modules.

When I run the line below, dmesg shows this message:

/sbin/iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set

nf_conntrack version 0.5.0 (4894 buckets, 19576 max)
[13952201.603690] CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
[13952201.603699] nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
[13952201.603706] sysctl net.netfilter.nf_conntrack_acct=1 to enable it.

That option was already configured.

When I run this one, it shows this:

/sbin/iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 30 -j DROP

iptables: Invalid argument. Run `dmesg' for more information.

Nothing more is shown in dmesg.

I added this line to /etc/sysctl.conf:

net.netfilter.nf_conntrack_acct = 1

No success yet.

Samuel Rios Carvalho
Post by green
Post by Samuel Rios Carvalho
I found that hitcount by default is 20. I need at least 30.
I added this line to /etc/modprobe.d/options (I created this file):
options ipt_recent ipt_pkt_list_tot=30
So I restarted the server and ran those two iptables lines, but dmesg
shows this error and the module doesn't load:
xt_recent: Unknown parameter `ipt_pkt_list_tot'
You should not need to use any special module parameters. Just
specify all parameters in your iptables rule according to the `recent`
module documentation in the iptables manual.
Samuel Rios Carvalho
2013-03-06 21:07:59 UTC
More than 10 years working with Linux, and basic things still f... me.

The line I added in /etc/modprobe.d/options was wrong:

options ipt_recent ipt_pkt_list_tot=30

The correct way:
options ipt_recent ip_pkt_list_tot=30

The letter T.

That's it.


Samuel Rios Carvalho
Post by Samuel Rios Carvalho
I restarted the server without options for modules.
When I run the line below, dmesg shows this message:
/sbin/iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
nf_conntrack version 0.5.0 (4894 buckets, 19576 max)
[13952201.603690] CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
[13952201.603699] nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
[13952201.603706] sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
That option was already configured.
When I run this one, it shows this:
/sbin/iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 30 -j DROP
iptables: Invalid argument. Run `dmesg' for more information.
Nothing more is shown in dmesg.
I added this line to /etc/sysctl.conf:
net.netfilter.nf_conntrack_acct = 1
No success yet.
Samuel Rios Carvalho
Post by green
Post by Samuel Rios Carvalho
I found that hitcount by default is 20. I need at least 30.
I added this line to /etc/modprobe.d/options (I created this file):
options ipt_recent ipt_pkt_list_tot=30
So I restarted the server and ran those two iptables lines, but dmesg
shows this error and the module doesn't load:
xt_recent: Unknown parameter `ipt_pkt_list_tot'
You should not need to use any special module parameters. Just
specify all parameters in your iptables rule according to the `recent`
module documentation in the iptables manual.
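As an added example (not from the thread), a small POSIX shell script that checks the loaded xt_recent list size before applying the two rules above, writes the correctly spelled modprobe option when the size is too small, and reloads the module; the conf file name, interface and port are assumptions, and xt_recent is the module name the thread's dmesg output shows (the ipt_recent alias used in the thread also works).

```shell
#!/bin/sh
# Added example: make sure xt_recent can honour a --hitcount above its
# default list size of 20 before the rate-limit rule is loaded.
# Assumptions: the conf file name below is a placeholder; eth0/port 80
# are taken from the thread.
set -eu

HITCOUNT=30
CONF=/etc/modprobe.d/xt_recent.conf            # assumed file name
PARAM=/sys/module/xt_recent/parameters/ip_pkt_list_tot

# The modprobe.d line. The parameter is ip_pkt_list_tot (no 't' after
# 'ip'): the misspelt ipt_pkt_list_tot is rejected as "Unknown parameter"
# and the module does not load at all.
modprobe_line() {
    printf 'options xt_recent ip_pkt_list_tot=%d\n' "$1"
}

# Returns 0 when a list size of $2 allows a --hitcount of $1; a larger
# hitcount is refused by iptables with "Invalid argument".
hitcount_supported() {
    [ "$1" -le "$2" ]
}

# The loaded module's list size, or the kernel default of 20 if absent.
current_list_tot() {
    [ -r "$PARAM" ] && cat "$PARAM" || echo 20
}

main() {
    if ! hitcount_supported "$HITCOUNT" "$(current_list_tot)"; then
        modprobe_line "$HITCOUNT" > "$CONF"
        modprobe -r xt_recent 2>/dev/null || true  # fails while rules use it
        modprobe xt_recent
    fi
    hitcount_supported "$HITCOUNT" "$(current_list_tot)" || {
        echo "xt_recent still limits --hitcount to $(current_list_tot)" >&2
        exit 1
    }
    # The thread's rules: record each new HTTP connection per source, then
    # drop a source that opened more than $HITCOUNT of them in 60 seconds.
    iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW \
        -m recent --set
    iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW \
        -m recent --update --seconds 60 --hitcount "$HITCOUNT" -j DROP
}

[ "${1:-}" = "--apply" ] && main
```

Run as root with `--apply`; without the flag only the functions are defined.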
green
2013-03-06 22:18:38 UTC
Post by Samuel Rios Carvalho
the line add in /etc/modprobe.d/options was wrong.
options ipt_recent ipt_pkt_list_tot=30
I am glad you got it working, and now I see that the module parameters
are listed in the iptables man page.