Hi,
I'm getting duplicate entries in a "recent" table.
E.g.:
# cat banned | grep 193.23.112.133
src=193.23.112.133 ttl: 58 last_seen: 436851854 oldest_pkt: 1 last_pkts: 436851854
src=193.23.112.133 ttl: 58 last_seen: 435101910 oldest_pkt: 1 last_pkts: 435101910
src=193.23.112.133 ttl: 58 last_seen: 435600728 oldest_pkt: 1 last_pkts: 435600728
I took a quick look at the source(*) and, as far as I understand, even if I "--set" the same IP multiple times it would/should still only create one entry.
These are the rules I use:
-A in $ETH0_TCP_SYN -m recent --rcheck --seconds 60 --name banned --rsource -j DROP
-A in $ETH0_TCP_SYN -m recent --remove --name banned --rsource
-A in $ETH0_TCP_SYN -m hashlimit --hashlimit 5/sec --hashlimit-name accept --hashlimit-htable-max 4096 -j ACCEPT
-A in $ETH0_TCP_SYN -m hashlimit --hashlimit 5/sec --hashlimit-name drop --hashlimit-htable-max 4096 -j DROP
-A in $ETH0_TCP_SYN -m recent --set --name banned --rsource -j DROP
Although this tries to avoid adding the same IP to the list multiple times, I think it is unavoidable that multiple packets could have passed the initial 'rcheck' and be heading towards the final 'set' rule at the same time. (It's a quad core CPU.)
Is there something I can, or should, do to prevent these dups?
(*) I must admit that the running kernel is a 2.6.17.7 and I looked at the source of linux-2.6.22-rc5.
Regards,
Mark.
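As an added example (not part of Mark's message and not netfilter project code), here is a small Python script that parses a dump of a "recent" table in the `last_pkts:` format quoted above and reports every source address that appears more than once, together with the spread of their `last_seen` timestamps in jiffies. It assumes the 2.6.17-era `/proc/net/ipt_recent/<name>` file format (the `last_pkts:` timestamps separated by ", " or whitespace) and the `echo -addr > /proc/net/ipt_recent/<name>` removal syntax of that module; the sample table is constructed, based on the lines in the post.

```python
import re
from collections import defaultdict

# Constructed sample in the format shown in the post (2.6.17-style ipt_recent
# proc output). The 10.0.0.7 line is made up to show a multi-timestamp entry.
SAMPLE_TABLE = """\
src=193.23.112.133 ttl: 58 last_seen: 436851854 oldest_pkt: 1 last_pkts: 436851854
src=10.0.0.7 ttl: 64 last_seen: 436850000 oldest_pkt: 2 last_pkts: 436849000, 436850000
src=193.23.112.133 ttl: 58 last_seen: 435101910 oldest_pkt: 1 last_pkts: 435101910
src=193.23.112.133 ttl: 58 last_seen: 435600728 oldest_pkt: 1 last_pkts: 435600728
"""

# One table line; the regex names mirror the field labels printed by the module.
ENTRY_RE = re.compile(
    r"^src=(?P<src>\S+)\s+ttl:\s*(?P<ttl>\d+)\s+last_seen:\s*(?P<last_seen>\d+)"
    r"\s+oldest_pkt:\s*(?P<oldest_pkt>\d+)\s+last_pkts:\s*(?P<last_pkts>.*)$"
)


def parse_recent_table(text):
    """Parse the text dump of a 'recent' table into a list of dicts.

    Lines that do not match the known format are skipped, so a mail-wrapped
    or partially truncated dump does not abort the whole parse.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "src": m.group("src"),
            "ttl": int(m.group("ttl")),
            "last_seen": int(m.group("last_seen")),
            "oldest_pkt": int(m.group("oldest_pkt")),
            # Timestamps are jiffies; the separator (", " or whitespace) is an
            # assumption, so any run of digits is accepted.
            "last_pkts": [int(x) for x in re.findall(r"\d+", m.group("last_pkts"))],
        })
    return entries


def find_duplicates(entries):
    """Return {src: [last_seen, ...]} for every address listed more than once,
    with the timestamps sorted ascending."""
    by_src = defaultdict(list)
    for e in entries:
        by_src[e["src"]].append(e["last_seen"])
    return {src: sorted(ts) for src, ts in by_src.items() if len(ts) > 1}


def duplicate_spread(dups):
    """Jiffies between the oldest and newest entry of each duplicated address.
    Converting to seconds needs the kernel's HZ, which the dump does not carry."""
    return {src: ts[-1] - ts[0] for src, ts in dups.items()}


def removal_commands(dups, table="banned", proc_dir="/proc/net/ipt_recent"):
    """Shell lines that would drop the duplicated addresses from the table
    (assumed 'echo -addr' removal syntax of the old ipt_recent proc interface)."""
    return ["echo -%s > %s/%s" % (src, proc_dir, table) for src in sorted(dups)]


if __name__ == "__main__":
    entries = parse_recent_table(SAMPLE_TABLE)
    dups = find_duplicates(entries)
    for src, ts in dups.items():
        print("%s listed %d times, spread %d jiffies" % (src, len(ts), ts[-1] - ts[0]))
    for cmd in removal_commands(dups):
        print(cmd)
```

Running it on a live table is `cat /proc/net/ipt_recent/banned | python3 script.py` with `SAMPLE_TABLE` swapped for `sys.stdin.read()`; the removal lines are printed rather than executed so they can be reviewed first.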