More than 10 years working with linux, and basics things f... me yet.
the line add in /etc/modprobe.d/options was wrong.options ipt_recent ipt_pkt_list_tot=30
Samuel Rios Carvalho
On Wed, Mar 6, 2013 at 3:30 PM, Samuel Rios Carvalho <nhawkbr@gmail.com> wrote:
The options ever was configured.I restarted the server without options for modules.When ai run the line below, show this messagem in dmesgnf_conntrack version 0.5.0 (4894 buckets, 19576 max)
/sbin/iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
[13952201.603690] CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
[13952201.603699] nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
[13952201.603706] sysctl net.netfilter.nf_conntrack_acct=1 to enable it.When I run this one, show this.iptables: Invalid argument. Run `dmesg' for more information.
/sbin/iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 30 -j DROP
in dmesg nothing is showed more.I added this line in /etc/sysctl.conf
net.netfilter.nf_conntrack_acct = 1
no sucess yet.Samuel Rios CarvalhoOn Wed, Mar 6, 2013 at 2:47 PM, green <greenfreedom10@gmail.com> wrote:Samuel Rios Carvalho wrote at 2013-03-06 10:58 -0600:
> I found that hitcount by default is 20. I need at least 30.You should not need to use any special module parameters. Just
>
> I add this line in /etc/modprobe.d/options (i created this file)
>
> options ipt_recent ipt_pkt_list_tot=30
>
> So, I restart server and I run those two lines of iptables, but in dmesg
> show this error and the module doesn´t load.
>
> xt_recent: Unknown parameter `ipt_pkt_list_tot'
specify all parameters in your iptables rule according to the `recent`
module documentation in the iptables manual.
No comments:
Post a Comment