[Firehol-support] Re: Integrating ipt_recent with FireHOL

Costa Tsaousis costa at tsaousis.gr
Sat Nov 12 12:11:47 GMT 2005


I will try to answer to all questions:

Q: Rick Marshall wrote:
really need the option to not log the overflow connections - it's the 
0.5MB email i get every day from the log files that i want to reduce. 
and i've noticed that the ssh username lists used to attack servers is 
getting very long now.

A: Check the documentation for FIREHOL_LOG_FREQUENCY. I also suggest to 
use ULOGD to isolate the firewall logs from the system logs.


Q: Redeeman wrote:
nice, i see you havent comitted to cvs though..
when do you think this will be released in a public release?

A: I always submit everything to the CVS. However the public CVS server 
on SF.NET usually is 24 hours behind. That is why I also give you 
http://firehol.sf.net/firehol.tar.gz. This file is produced from the 
SF.NET CVS server.


Q: Redeeman wrote:
btw, the man pages specify config file as /etc/firehol.conf, while the 
script still uses /etc/firehol/firehol.conf :)

A: I have updated them. Thanks.


Now, about the recent match, you should know that:

1. kernel versions prior to 2.6.13 may have issues. Check these:
http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=2587
http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/

2. There are a few limitations you should be aware of. For example, only 
the last 100 hosts are checked.
Check this: 
http://archives.free.net.ph/message/20051104.100305.7181ab94.en.html#netfilter

Costa





More information about the Firehol-support mailing list