libxt_recent.man revision fea74bf74ff524431ce65145f1523584edf99dc9
Allows you to dynamically create a list of IP addresses and then match against
that list in a few different ways.
.PP
For example, you can create a "badguy" list out of people attempting to connect
to port 139 on your firewall and then DROP all future packets from them without
considering them.
.TP
\fB\-\-name\fP \fIname\fP
Specify the list to use for the commands. If no name is given then
\fBDEFAULT\fR will be used.
.TP
[\fB!\fR] \fB\-\-set\fP
This will add the source address of the packet to the list. If the source
address is already in the list, this will update the existing entry. This will
always return success (or failure if \fB!\fR is passed in).
.TP
\fB\-\-rsource\fP
Match/save the source address of each packet in the recent list table. This
is the default.
.TP
\fB\-\-rdest\fP
Match/save the destination address of each packet in the recent list table.
.TP
[\fB!\fR] \fB\-\-rcheck\fP
Check if the source address of the packet is currently in the list.
.TP
[\fB!\fR] \fB\-\-update\fP
Like \fB\-\-rcheck\fP, except it will update the "last seen" timestamp if it
matches.
.TP
[\fB!\fR] \fB\-\-remove\fP
Check if the source address of the packet is currently in the list and if so
that address will be removed from the list and the rule will return true. If
the address is not found, false is returned.
.TP
[\fB!\fR] \fB\-\-seconds \fIseconds\fP
This option must be used in conjunction with one of \fB\-\-rcheck\fP or
\fB\-\-update\fP. When used, this will narrow the match to only happen when the
address is in the list and was seen within the last given number of seconds.
.TP
[\fB!\fR] \fB\-\-hitcount \fIhits\fP
This option must be used in conjunction with one of \fB\-\-rcheck\fP or
\fB\-\-update\fP. When used, this will narrow the match to only happen when the
address is in the list and the number of packets received from it is greater
than or equal to the given value. This option may be used along with
\fB\-\-seconds\fP to create an even narrower match requiring a certain number
of hits within a specific time frame.
.TP
\fB\-\-rttl\fP
This option may only be used in conjunction with one of \fB\-\-rcheck\fP or
\fB\-\-update\fP. When used, this will narrow the match to only happen when the
address is in the list and the TTL of the current packet matches that of the
packet which hit the \fB\-\-set\fP rule. This may be useful if you have problems
with people faking their source address in order to DoS you via this module,
denying others access to your site by sending bogus packets to you.
.PP
Examples:
.IP
iptables \-A FORWARD \-m recent \-\-name badguy \-\-rcheck \-\-seconds 60 \-j DROP
.IP
iptables \-A FORWARD \-p tcp \-i eth0 \-\-dport 139 \-m recent \-\-name badguy \-\-set \-j DROP
.PP
Steve's ipt_recent website (http://snowman.net/projects/ipt_recent/) also has
some examples of usage.
.PP
\fB/proc/net/xt_recent/*\fR are the current lists of addresses and information
about each entry of each list.
.PP
Each file in \fB/proc/net/xt_recent/\fR can be read from to see the current
list or written to using the following commands to modify the list:
.TP
\fBecho +\fR\fIaddr\fR\fB >/proc/net/xt_recent/DEFAULT\fR
to add \fIaddr\fR to the DEFAULT list
.TP
\fBecho \-\fP\fIaddr\fP\fB >/proc/net/xt_recent/DEFAULT\fP
to remove \fIaddr\fR from the DEFAULT list
.TP
\fBecho / >/proc/net/xt_recent/DEFAULT\fR
to flush the DEFAULT list (remove all entries).
.PP
The module itself accepts parameters, defaults shown:
.TP
\fBip_list_tot\fR=\fI100\fR
Number of addresses remembered per table.
.TP
\fBip_pkt_list_tot\fR=\fI20\fR
Number of packets per address remembered.
.TP
\fBip_list_hash_size\fR=\fI0\fR
Hash table size. 0 means to calculate it based on ip_list_tot, default: 512.
.TP
\fBip_list_perms\fR=\fI0644\fR
Permissions for /proc/net/xt_recent/* files.
.TP
\fBip_list_uid\fR=\fI0\fR
Numerical UID for ownership of /proc/net/xt_recent/* files.
.TP
\fBip_list_gid\fR=\fI0\fR
Numerical GID for ownership of /proc/net/xt_recent/* files.
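.PP
Added example (not from this man page or the iptables project): a shell script that installs the port-139 "badguy" trap from the examples above and a per-source SSH connection throttle built from \fB\-\-set\fP, \fB\-\-update\fP, \fB\-\-seconds\fP, \fB\-\-hitcount\fP and \fB\-\-rttl\fP, and wraps the /proc list commands. It assumes nothing earlier in INPUT already accepts port 22; the list name \fIsshbf\fP, the IPT/PROC/LIST variables and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not part of the man page: the "badguy" trap from the
# examples above plus a per-source SSH throttle, both built on -m recent.
# IPT and PROC are overridable so the script can be dry-run (IPT=echo)
# or pointed at a scratch directory instead of /proc/net/xt_recent.
IPT="${IPT:-iptables}"
PROC="${PROC:-/proc/net/xt_recent}"
LIST="${LIST:-badguy}"

badguy_rules() {
  # Drop anything from an address that is on the list and was seen in the
  # last 60 s. --rcheck does not refresh the timestamp, so the block lapses
  # 60 s after the entry was set (the next port-139 probe re-arms it).
  $IPT -A FORWARD -m recent --name "$LIST" --rcheck --seconds 60 -j DROP
  # A first attempt on port 139 puts the source on the list and is dropped.
  $IPT -A FORWARD -p tcp -i eth0 --dport 139 -m recent --name "$LIST" --set -j DROP
}

ssh_throttle_rules() {
  # Allow at most 4 new SSH connections per source per 60 s; the 5th hit
  # inside the window is dropped. --update refreshes "last seen", so the
  # window slides while the source keeps trying. --rttl requires the TTL
  # to match the packet that hit --set, limiting how far spoofed packets
  # can push a third party over the threshold. --hitcount must not exceed
  # the module's ip_pkt_list_tot (default 20), or the rule is rejected.
  $IPT -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
    -m recent --name sshbf --set
  $IPT -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
    -m recent --name sshbf --update --seconds 60 --hitcount 5 --rttl -j DROP
}

# Manual list maintenance through the /proc interface described above.
recent_unblock() { printf '%s\n' "-$1" > "$PROC/$LIST"; }   # remove one address
recent_flush()   { printf '%s\n' "/"   > "$PROC/$LIST"; }   # empty the list
recent_show()    { cat "$PROC/$LIST"; }                     # current entries

if [ "${1:-}" = "apply" ]; then
  badguy_rules
  ssh_throttle_rules
fi
```

Run with `IPT=echo sh script.sh apply` to review the generated rules before loading them.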