https://bugzilla.netfilter.org/show_bug.cgi?id=1745

Bug ID: 1745
Summary: recent man page
Product: iptables
Version: git (please indicate commit ID)
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: iptables
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: pedretti.fabio at gmail.com

ip_pkt_list_tot:
1) the default (checked with kernel 5.10.209) seems to be 255, not 20
2) please integrate that the max value is 255 (or, even better, make it possible to use a bigger value, since it is useful to detect longer duration abuses)

ip_list_hash_size:
for the module it says: "The module itself accepts parameters, defaults shown"
then it says "=0", but also "default: 512"
it is not clear which is the default

Thanks.

--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240417/6ae574f5/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1745

--- Comment #1 from Fabio <pedretti.fabio at gmail.com> ---

ip_pkt_list_tot:
1) fixed with:
https://git.netfilter.org/iptables/commit/?id=5f904c829791d94c59936e24e419b4137bc7ed92
2) max value in kernel 6.11 now is higher
https://git.netfilter.org/iptables/commit/?id=d859b91e6f3ed055c22ee7b984b481c5b518d9e1

ip_list_hash_size:
fixed with:
https://git.netfilter.org/iptables/commit/?id=14f313ec68e2e4ff7eeb94b0fd125f7adcab77e3

== TODO ==
recent man page should be updated for ip_pkt_list_tot: the actual maximum value is 65535 since kernel 6.11 and 255 on older kernels, as per
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/netfilter/xt_recent.c?id=f4ebd03496f6b67940b0af92ce885c1d0dc9e121

https://bugzilla.netfilter.org/show_bug.cgi?id=1745

Phil Sutter <phil at nwl.cc> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |phil at nwl.cc

--- Comment #2 from Phil Sutter <phil at nwl.cc> ---

would you mind submitting a patch to resolve the TODO?