Re: Problem with debian sarge, iptables & state

To: Debian Firewall list <debian-firewall@lists.debian.org>
Subject: Re: Problem with debian sarge, iptables & state
From: Phil Dyer <phil@dyermaker.org>
Date: Mon, 19 Dec 2005 14:47:10 -0500
Message-id: <[🔎] 43A70E3E.5080308@dyermaker.org>
In-reply-to: <[🔎] 43A7063A.20702@cgv.tugraz.at>
References: <[🔎] 43A7063A.20702@cgv.tugraz.at>

Lars Schimmer said:
> Hi!
> 
> I copied a iptables config from a friend over to my router:
> ($IPT = /sbin/iptables)
> 
> $IPT -A FORWARD -s ! 111.22.22.128/25 -p tcp --dport 22 -m state --state 
> NEW -m recent --set
> $IPT -A FORWARD -p tcp --dport 22 -m state --state NEW -m recent 
> --update --seconds 300 --hitcount 10 -j DROP
> $IPT -A FORWARD -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> $IPT -A FORWARD -p tcp -d 111.22.22.128/25 --dport 22 -j REJECT

I believe you need the --rttl option in with the --update option.

-- 

phil

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- Problem with debian sarge, iptables & state
  - From: Lars Schimmer <l.schimmer@cgv.tugraz.at>

Prev by Date: Problem with debian sarge, iptables & state
Next by Date: Re: kilocycle exit
Previous by thread: Problem with debian sarge, iptables & state
Next by thread: Re: kilocycle exit
Index(es):
- Date
- Thread