Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752525AbbBKJei (ORCPT ); Wed, 11 Feb 2015 04:34:38 -0500 Received: from jabba.london.02.net ([82.132.130.169]:49391 "EHLO mail.o2.co.uk" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752182AbbBKJeg (ORCPT ); Wed, 11 Feb 2015 04:34:36 -0500 X-Greylist: delayed 361 seconds by postgrey-1.27 at vger.kernel.org; Wed, 11 Feb 2015 04:34:35 EST Date: Wed, 11 Feb 2015 09:28:34 +0000 From: Chris Vine To: Linux Kernel Mailing List Subject: xt_recent broken in kernel 3.19.0 Message-ID: <20150211092834.65f8ae80@bother.homenet> X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; i686-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 693 Lines: 20 With kernel 3.19.0, the following iptables rule, where SSH_TRIES is set to 4: iptables -D SSH_CHAIN -m conntrack --ctstate NEW \ -m recent --update --seconds $SSH_LOGIN_PERIOD --hitcount $SSH_TRIES -j DROP generates this error message in syslog: kernel: xt_recent: hitcount (4) is larger than packets to be remembered (4) for table DEFAULT and the rule fails to install in the table. No error is generated with kernel 3.18.6. Chris -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/