iptables: recent module

If you take a look at the man page for iptables, specifically the recent module section, there are a couple of parameters that look like they'll give you the control you're looking for:

Excerpt from the iptables man page, recent module section:

The module itself accepts parameters, defaults shown:

   ip_list_tot=100
          Number of addresses remembered per table.

   ip_pkt_list_tot=20
          Number of packets per address remembered.

So according to these two parameters you can control the number of IP addresses and the number of packets that the recent module will "remember".

Remember this is a kernel module, so to apply these settings you either need to set them at module load time like so:

/sbin/modprobe ipt_recent ip_list_tot=2000 ip_pkt_list_tot=255

On my Fedora 14 system the module is actually called xt_recent; you can see what types of parameters it can take using modinfo:

$ modinfo xt_recent
filename:       /lib/modules/2.6.35.14-106.fc14.x86_64/kernel/net/netfilter/xt_recent.ko
alias:          ip6t_recent
alias:          ipt_recent
license:        GPL
description:    Xtables: "recently-seen" host matching
author:         Jan Engelhardt <[email protected]>
author:         Patrick McHardy <[email protected]>
srcversion:     00B9A3AB999488BFEB4FA6A
depends:        
vermagic:       2.6.35.14-106.fc14.x86_64 SMP mod_unload 
parm:           ip_list_tot:number of IPs to remember per list (uint)
parm:           ip_pkt_list_tot:number of packets per IP address to remember (max. 255) (uint)
parm:           ip_list_hash_size:size of hash table used to look up IPs (uint)
parm:           ip_list_perms:permissions on /proc/net/xt_recent/* files (uint)
parm:           ip_list_uid:default owner of /proc/net/xt_recent/* files (uint)
parm:           ip_list_gid:default owning group of /proc/net/xt_recent/* files (uint)

Checking xt_recent settings

All the settings for this module are kept under /sys/module/xt_recent. Specifically, the parameters you pass to it are kept here:

$ ls -1 /sys/module/xt_recent/parameters/
ip_list_gid
ip_list_hash_size
ip_list_perms
ip_list_tot
ip_list_uid
ip_pkt_list_tot

Any of the parameters can be checked by simply cat'ing the files in this directory, for example:

cat /sys/module/xt_recent/parameters/ip_pkt_list_tot

So this tells us that the default value for the parameter ip_pkt_list_tot is 20.
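Putting the two halves of the procedure together, here is an added example (not from the original answer) that reads the live xt_recent tunables from /sys/module/xt_recent/parameters, checks that a given parameter holds the value you intended to pass to modprobe, and rejects an ip_pkt_list_tot outside the 1..255 range the modinfo output documents before you ever try to load the module with it. The make_fake_sysfs helper builds a constructed stand-in directory so the functions can be exercised on a box where the module is not loaded.

```shell
#!/bin/sh
# Added example, not part of the original answer. Helpers for checking the
# xt_recent module parameters described above. The real sysfs path is the
# default; any other directory can be passed in for offline testing.

# Print "name=value" for every parameter file under $1
# (default: the live xt_recent parameter directory).
recent_params() {
    dir="${1:-/sys/module/xt_recent/parameters}"
    for f in "$dir"/*; do
        [ -r "$f" ] || continue
        printf '%s=%s\n' "$(basename "$f")" "$(cat "$f")"
    done
}

# Succeed (exit 0) only if parameter $2 under directory $1 equals $3.
# Usage: recent_param_is /sys/module/xt_recent/parameters ip_list_tot 2000
recent_param_is() {
    [ "$(cat "$1/$2" 2>/dev/null)" = "$3" ]
}

# modinfo reports ip_pkt_list_tot as "max. 255": reject a planned value
# that is not a positive integer in 1..255 before passing it to modprobe.
pkt_list_ok() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 255 ]
}

# Constructed stand-in for /sys/module/xt_recent/parameters, populated with
# the module defaults, for running the checks where xt_recent is not loaded.
make_fake_sysfs() {
    d=$(mktemp -d)
    printf '100\n' > "$d/ip_list_tot"
    printf '20\n'  > "$d/ip_pkt_list_tot"
    printf '0\n'   > "$d/ip_list_gid"
    printf '%s\n' "$d"
}
```

On a live system, run `recent_params` after the modprobe line above and confirm with `recent_param_is /sys/module/xt_recent/parameters ip_list_tot 2000` that the values actually took effect.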
