[Bug 544984] Re: netfilter xt_recent --rcheck fails to match

Colm Buckley colm at tuatha.org
Tue Mar 23 14:33:39 UTC 2010


Further to comment #2; it's only the --rcheck rule which fails.  --set
and --remove rules seem to have the correct effect in adding and
removing entries to /proc/net/xt_recent/DEFAULT (and any other name).
Likewise, the "echo +IP" and "echo -IP" methods seem to work correctly:

# cat /proc/net/xt_recent/DEFAULT               
# echo '+10.0.0.1' > /proc/net/xt_recent/DEFAULT
# echo '+10.0.0.2' > /proc/net/xt_recent/DEFAULT
# cat /proc/net/xt_recent/DEFAULT
src=10.0.0.2 ttl: 0 last_seen: 4301811921 oldest_pkt: 1 4301811921
src=10.0.0.1 ttl: 0 last_seen: 4301811288 oldest_pkt: 1 4301811288
# echo '-10.0.0.1' > /proc/net/xt_recent/DEFAULT
# cat /proc/net/xt_recent/DEFAULT               
src=10.0.0.2 ttl: 0 last_seen: 4301811921 oldest_pkt: 1 4301811921
# echo '/' > /proc/net/xt_recent/DEFAULT
# cat /proc/net/xt_recent/DEFAULT

But --rcheck fails to match these entries when packets with the same
source addresses are received.

-- 
netfilter xt_recent --rcheck fails to match
https://bugs.launchpad.net/bugs/544984
You received this bug notification because you are a member of Kernel
Bugs, which is subscribed to linux in ubuntu.
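
The triage described in the message (is the address present in the table, and did --rcheck still miss it?) can be scripted. This is an added example, not code from the bug report or from netfilter: `parse_recent` and `triage` are hypothetical names, and the sample input is constructed from the two entries quoted above. It assumes a plain --rcheck rule with no --seconds or --hitcount, so any listed address is expected to match.

```python
import ipaddress
import re

# Field layout taken from the /proc/net/xt_recent/DEFAULT output quoted in the message.
# Assumption: any further timestamps follow oldest_pkt, separated by spaces or commas.
ENTRY_RE = re.compile(
    r"^src=(?P<src>\S+) ttl: (?P<ttl>\d+) last_seen: (?P<last_seen>\d+) "
    r"oldest_pkt: (?P<oldest>\d+)(?P<stamps>[ ,\d]*)$"
)

def parse_recent(text):
    """Return {ip_address: entry} for each entry line; raise on anything else."""
    table = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.rstrip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: unrecognised entry: {line!r}")
        table[ipaddress.ip_address(m["src"])] = {
            "ttl": int(m["ttl"]),
            "last_seen": int(m["last_seen"]),
            "oldest_pkt": int(m["oldest"]),
            "stamps": [int(s) for s in re.findall(r"\d+", m["stamps"])],
        }
    return table

def triage(table, src, rcheck_matched):
    """Compare list membership with what the --rcheck rule did for one packet."""
    listed = ipaddress.ip_address(src) in table
    if listed and not rcheck_matched:
        return "listed-but-unmatched"   # the symptom reported in this bug
    if rcheck_matched and not listed:
        return "matched-but-unlisted"
    return "consistent"

# Constructed sample: the two entries shown in the message.
SAMPLE = """\
src=10.0.0.2 ttl: 0 last_seen: 4301811921 oldest_pkt: 1 4301811921
src=10.0.0.1 ttl: 0 last_seen: 4301811288 oldest_pkt: 1 4301811288
"""

if __name__ == "__main__":
    recent = parse_recent(SAMPLE)
    for ip in ("10.0.0.1", "10.0.0.3"):
        print(ip, triage(recent, ip, rcheck_matched=False))
```

Feed it the contents of the list file and, per source address, whether the rule's packet counter moved.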



