'recent' module HOWTO

'recent' module HOWTO

[Sudheer Divakaran]

Hi,
    Where can I find detailed documentation of 'recent' module?.


To test the recent module, I've given the following commands and pinged 
to my machine from another one.  But I got the reply 'Destination port 
Unreachable'.  What is wrong in it?

iptables -F

iptables -P INPUT ACCEPT

iptables -P OUTPUT ACCEPT

iptables -A INPUT -m recent -p icmp --icmp-type echo-request --update 
--seconds 10 -j REJECT

iptables -A INPUT -m recent -p icmp --icmp-type echo-request --set -j ACCEPT


Kind Regards,
Sudheer

Re: 'recent' module HOWTO

[Samuel Jean]

On Wed, August 11, 2004 1:38 am, Sudheer Divakaran said:
> Hi,
>     Where can I find detailed documentation of 'recent' module?.
>

http://snowman.net/projects/ipt_recent/

>
> To test the recent module, I've given the following commands and pinged
> to my machine from another one.  But I got the reply 'Destination port
> Unreachable'.  What is wrong in it?

There's nothing wrong with that.  You did specify to REJECT packets, which
means that you can send back an ICMP error of your choice.

I guess 'Destination port Unreachable' is the default one.

>
> iptables -F
>
> iptables -P INPUT ACCEPT
>
> iptables -P OUTPUT ACCEPT
>
> iptables -A INPUT -m recent -p icmp --icmp-type echo-request --update
> --seconds 10 -j REJECT
>
> iptables -A INPUT -m recent -p icmp --icmp-type echo-request --set -j
> ACCEPT
>

However, you should be able to get a single ping reply before being
rejected. Is that what happen ?


>
> Kind Regards,
> Sudheer
>

Hope this helps.

Samuel Jean
CookingLinux.org

Re: 'recent' module HOWTO

[Sudheer Divakaran]

Hi,
    The problem has been solved.  When I set the rules like this, it 
worked as expected (i.e., it accepted an icmp echo request, then 
rejected icmp echo requests for 10 seconds, ...). Earlier it were 
rejecting ALL icmp-echo requests. My question is  this the correct usage 
of this module?

iptables -A INPUT -m recent -p icmp --icmp-type echo-request --update

iptables -A INPUT -m recent -p icmp --icmp-type echo-request --rcheck 
--seconds 10 -j REJECT

iptables -A INPUT -m recent -p icmp --icmp-type echo-request --set

Thanks everybody,
Sudheer.



Samuel Jean wrote:

>On Wed, August 11, 2004 1:38 am, Sudheer Divakaran said:
>
>>Hi,
>>    Where can I find detailed documentation of 'recent' module?.
>>
>>
>
>http://snowman.net/projects/ipt_recent/
>
>
>>To test the recent module, I've given the following commands and pinged
>>to my machine from another one.  But I got the reply 'Destination port
>>Unreachable'.  What is wrong in it?
>>
>
>There's nothing wrong with that.  You did specify to REJECT packets, which
>means that you can send back an ICMP error of your choice.
>
>I guess 'Destination port Unreachable' is the default one.
>
>
>>iptables -F
>>
>>iptables -P INPUT ACCEPT
>>
>>iptables -P OUTPUT ACCEPT
>>
>>iptables -A INPUT -m recent -p icmp --icmp-type echo-request --update
>>--seconds 10 -j REJECT
>>
>>iptables -A INPUT -m recent -p icmp --icmp-type echo-request --set -j
>>ACCEPT
>>
>>
>
>However, you should be able to get a single ping reply before being
>rejected. Is that what happen ?
>
>
>
>>Kind Regards,
>>Sudheer
>>
>>
>
>Hope this helps.
>
>Samuel Jean
>CookingLinux.org
>
>
>