Per Jessen wrote:
That solution would be a very good choice -- if it would work. ipt_recent doesn't work correctly when jiffies in the Linux kernel overflow. Then it blocks every request, even though they didn't pass the threshold.
Umm, that's a showstopper alright. I found these:
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=415
http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
Thanks for pointing them out. I haven't followed that lead for some time now, and it's good to know that this opportunity exists as well.
I sort of like your alternative solution, although it is a little too complicated/over-engineered for my own needs.
I know that it's too complex for most installations, that's why I don't spend the effort to release the software.

Joachim

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod Email: jschrod@acm.org
Roedermark, Germany