From mboxrd@z Thu Jan 1 00:00:00 1970 From: Amin Azez Subject: Re: ipt_recent patch Date: Wed, 03 May 2006 10:32:50 +0100 Message-ID: <445878C2.9080400@ufomechanic.net> References: <43F9EA77.4060208@ufomechanic.net> <44096532.2070000@trash.net> <440DAB6B.4020208@ufomechanic.net> <440ECB1B.4070507@trash.net> <4415B019.6050409@ufomechanic.net> <20060322142636.GF4474@ns.snowman.net> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Return-path: To: Amin Azez , Patrick McHardy , netfilter-devel@lists.netfilter.org In-Reply-To: <20060322142636.GF4474@ns.snowman.net> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-devel-bounces@lists.netfilter.org Errors-To: netfilter-devel-bounces@lists.netfilter.org List-Id: netfilter-devel.vger.kernel.org Stephen Frost wrote: > I don't really see the use-case for these new options... Perhaps if it > was combined with an IP mask of some kind, ie: packets from 5 IPs in the > same /24 in the last 60 seconds, or some such. That could also be > accomplished by providing a way to tell ipt_recent to look for a mask > instead of individual IPs though. ie: For this table, consider any IPs > in the same /24 to be the 'same' IP. > > Anyway, they don't really affect how the module works as they just add > additional ways to check on the data stored in the tables, so I'm not > strongly against them just don't entirely see the point. I agree that a mask ought also to be supplied, as /32 is equivalent to the same-ip anyway. Are you content to make that modification or do you wish me to? I won't be able to do so for week or two. Sam