On Thu, 12 Feb 2015 10:54:17 +
Chris Vine wrote:
[snip]
> On further testing I see that that patch only solves the problem if
> SSH_TRIES is set to a power of two boundary. You still get an error
> loading the rule if it is anything else. I think there is something
> wrong with the nstamp_ma
On Thu, 12 Feb 2015 10:26:16 +
Chris Vine wrote:
> On Thu, 12 Feb 2015 09:35:33 +0100
> Florian Westphal wrote:
> > Cong Wang wrote:
> > > (Cc'ing netdev and netfilter-devel lists)
> >
> > Thanks for forwarding.
> >
> > > > Chris Vine wrote:
> > > >> iptables -D SSH_CHAIN -m conntrack -
On Thu, 12 Feb 2015 09:35:33 +0100
Florian Westphal wrote:
> Cong Wang wrote:
> > (Cc'ing netdev and netfilter-devel lists)
>
> Thanks for forwarding.
>
> > > Chris Vine wrote:
> > >> iptables -D SSH_CHAIN -m conntrack --ctstate NEW \
> > >> -m recent --update --seconds $SSH_LOGIN_PERIOD
Cong Wang wrote:
> (Cc'ing netdev and netfilter-devel lists)
Thanks for forwarding.
> > Chris Vine wrote:
> >> iptables -D SSH_CHAIN -m conntrack --ctstate NEW \
> >> -m recent --update --seconds $SSH_LOGIN_PERIOD --hitcount
> >> $SSH_TRIES -j DROP
> > --- linux-3.19.0/net/netfilter/xt_re
(Cc'ing netdev and netfilter-devel lists)
On Wed, Feb 11, 2015 at 10:31 AM, Chris Vine
wrote:
> On Wed, 11 Feb 2015 09:28:34 +
> Chris Vine wrote:
>> With kernel 3.19.0, the following iptables rule, where SSH_TRIES is
>> set to 4:
>>
>> iptables -D SSH_CHAIN -m conntrack --ctstate NEW \
>>
On Wed, 11 Feb 2015 09:28:34 +
Chris Vine wrote:
> With kernel 3.19.0, the following iptables rule, where SSH_TRIES is
> set to 4:
>
> iptables -D SSH_CHAIN -m conntrack --ctstate NEW \
> -m recent --update --seconds $SSH_LOGIN_PERIOD --hitcount
> $SSH_TRIES -j DROP
>
> generates this
With kernel 3.19.0, the following iptables rule, where SSH_TRIES is set
to 4:
iptables -D SSH_CHAIN -m conntrack --ctstate NEW \
-m recent --update --seconds $SSH_LOGIN_PERIOD --hitcount $SSH_TRIES -j DROP
generates this error message in syslog:
kernel: xt_recent: hitcount (4) is larger
7 matches
Mail list logo
