ipt_recent: duplicates in table and non_removal

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Mathias Koerber <mathias@koerber.org>
To: netfilter@lists.netfilter.org
Subject: ipt_recent: duplicates in table and non_removal
Date: Tue, 15 Nov 2005 22:32:41 +0800	[thread overview]
Message-ID: <4379F189.9030102@koerber.org> (raw)

I am using

kernel: ipt_recent v0.3.1: Stephen Frost <sfrost@snowman.net>. 
http://snowman.net/projects/ipt_recent/

with kernel 2.6.10-1.771_FC2 #1 Mon Mar 28 00:50:14 EST 2005 i686 i686 
i386 GNU/Linux

I detect duplicate IP addresses in the table and also that
in comecases removal of IP addresses via
   # echo -/ipaddress/ >table
has no effect:

http://snowman.net seems unreachable, so I am posting this here..

(note: 165.21.100.90)

[root@flunder kernel]# cat /proc/net/ipt_recent/RATELIMITED
src=165.21.100.90 ttl: 59 last_seen: 98187654 oldest_pkt: 1 last_pkts: 
98187654
src=165.21.83.90 ttl: 59 last_seen: 105389199 oldest_pkt: 5 last_pkts: 
104189250, 104489247, 104789290, 105088631, 105389199, 99687628, 
99988414, 100288532, 100587839, 100888417, 101188001, 101488362, 
101787979, 102088008, 102388644, 102688764, 102988225, 103288797, 
103588194, 103888701
src=165.21.83.89 ttl: 59 last_seen: 109890290 oldest_pkt: 0 last_pkts: 
104188366, 104488492, 104789077, 105088526, 105389397, 105688836, 
105989224, 106289494, 106589584, 106889072, 107189576, 107488956, 
107789190, 108089891, 108390132, 108689388, 108989814, 109289409, 
109589939, 109890290
src=165.21.100.89 ttl: 59 last_seen: 109889817 oldest_pkt: 0 
last_pkts: 104188422, 104488635, 104789033, 105088664, 105389249, 
105688694, 105989228, 106288912, 106589286, 106888941, 107188847, 
107489780, 107789115, 108089590, 108389687, 108689329, 108990124, 
109289518, 109590053, 109889817
src=210.193.32.116 ttl: 55 last_seen: 98372284 oldest_pkt: 1 
last_pkts: 98372284
src=134.100.32.153 ttl: 51 last_seen: 98499284 oldest_pkt: 1 
last_pkts: 98499284
src=203.117.1.53 ttl: 51 last_seen: 99951364 oldest_pkt: 1 last_pkts: 
99951364
src=203.123.8.125 ttl: 55 last_seen: 100330112 oldest_pkt: 1 
last_pkts: 100330112
src=61.229.165.172 ttl: 114 last_seen: 100930717 oldest_pkt: 1 
last_pkts: 100930717
src=81.200.64.181 ttl: 52 last_seen: 111750158 oldest_pkt: 10 
last_pkts: 109049647, 109349798, 109649977, 109950142, 110250291, 
110550469, 110850638, 111149857, 111449962, 111750158
src=165.21.83.90 ttl: 59 last_seen: 109890202 oldest_pkt: 3 last_pkts: 
109289476, 109589984, 109890202
src=165.21.100.90 ttl: 59 last_seen: 110189486 oldest_pkt: 4 
last_pkts: 109289649, 109590007, 109890251, 110189486
src=165.21.83.90 ttl: 59 last_seen: 111689736 oldest_pkt: 6 last_pkts: 
110189569, 110490067, 110790003, 111090271, 111390519, 111689736
src=165.21.83.89 ttl: 59 last_seen: 111990099 oldest_pkt: 7 last_pkts: 
110189617, 110490274, 110789751, 111090391, 111389752, 111690295, 
111990099
src=165.21.100.89 ttl: 59 last_seen: 111989813 oldest_pkt: 7 
last_pkts: 110189983, 110490166, 110790173, 111089675, 111389869, 
111690645, 111989813
src=165.21.100.90 ttl: 59 last_seen: 111690334 oldest_pkt: 5 
last_pkts: 110490012, 110789998, 111090343, 111389778, 111690334
src=66.68.210.229 ttl: 108 last_seen: 115636304 oldest_pkt: 1 
last_pkts: 115636304
src=81.200.64.181 ttl: 51 last_seen: 115651301 oldest_pkt: 1 
last_pkts: 115651301
src=134.100.32.153 ttl: 51 last_seen: 115664558 oldest_pkt: 1 
last_pkts: 115664558

[root@flunder kernel]# echo -165.21.100.90 
 >/proc/net/ipt_recent/RATELIMITED

[root@flunder kernel]# cat /proc/net/ipt_recent/RATELIMITED | grep 
165.21.100.90
src=165.21.100.90 ttl: 59 last_seen: 110189486 oldest_pkt: 4 
last_pkts: 109289649, 109590007, 109890251, 110189486
src=165.21.100.90 ttl: 59 last_seen: 111690334 oldest_pkt: 5 
last_pkts: 110490012, 110789998, 111090343, 111389778, 111690334



Additional topic. To be able to remove old entries from the table,
I made a quickand dirty kernel module (based on 
http://www.tldp.org/LDP/lkmpg/2.6/html/x714.html )
to print out the current jiffies and HZ via /proc/jiffies. This can
then be used in a shell/perl script  etc..

                 reply	other threads:[~2005-11-15 14:32 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4379F189.9030102@koerber.org \
    --to=mathias@koerber.org \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox