Search This Blog

Saturday, April 25, 2009

Re: recent/hitcount broken in Lenny?

On Sat, 2009-04-25 at 14:22 +0200, Pascal Hambourg wrote:

> Maybe this is the explanation if you use a kernel version 2.6.25 or
> above, such as a 2.6.26 kernel from lenny. You may try to increase the
> packet list length to at least 50 using the parameter "ip_pkt_list_tot"
> of the module ipt_recent (note that this module is renamed xt_recent in
> kernel version 2.6.28 and above, but the "ipt_recent" alias should be
> kept). IIRC this can be done by adding an "options" statement in
> /etc/modprobe.conf or /etc/modprobe.d/ (I haven't been doing that for
> too much time).
>
> options ipt_recent ip_pkt_list_tot=50


Yep, very good explanation and your fix works just fine.
2 hours and 17 minutes to get an explanation and a fix, impressive,
thank you!

Guillaume


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

No comments: