[Firehol-support] Re: Integrating ipt_recent with FireHOL
Costa Tsaousis
costa at tsaousis.gr
Sat Nov 12 12:11:47 GMT 2005
I will try to answer all questions:
Q: Rick Marshall wrote:
really need the option to not log the overflow connections - it's the
0.5MB email I get every day from the log files that I want to reduce.
And I've noticed that the ssh username lists used to attack servers are
getting very long now.
A: Check the documentation for FIREHOL_LOG_FREQUENCY. I also suggest
using ULOGD to isolate the firewall logs from the system logs.
Q: Redeeman wrote:
nice, I see you haven't committed to CVS though..
when do you think this will be released in a public release?
A: I always submit everything to CVS. However, the public CVS server
on SF.NET is usually 24 hours behind. That is why I also give you
http://firehol.sf.net/firehol.tar.gz. This file is produced from the
SF.NET CVS server.
Q: Redeeman wrote:
btw, the man pages specify the config file as /etc/firehol.conf, while
the script still uses /etc/firehol/firehol.conf :)
A: I have updated them. Thanks.
Now, about the recent match, you should know that:
1. kernel versions prior to 2.6.13 may have issues. Check these:
http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=2587
http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/
2. There are a few limitations you should be aware of. For example, only
the last 100 hosts are checked.
Check this:
http://archives.free.net.ph/message/20051104.100305.7181ab94.en.html#netfilter
Costa
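The three things touched on in the reply above (rate-limited firewall logging, moving the log to ULOG/ulogd, and the recent match with its fixed-size host table) written out as raw iptables commands. This is an added example, not FireHOL configuration and not code from the FireHOL project; the list name ssh-bf, the chain placement, the 60 s / 4 hits thresholds and the modprobe values are illustrative assumptions. Set DRY_RUN=1 to print the commands instead of applying them.

```shell
#!/bin/sh
# Added example (not FireHOL's own code): SSH brute-force throttling with
# the netfilter recent match, plus bounded logging. Needs root and a
# 2.6 kernel with ipt_recent to apply for real; DRY_RUN=1 only prints.

IPT="iptables"
LOG_MODE="${LOG_MODE:-LOG}"   # LOG = syslog via klogd; ULOG = netlink group for ulogd

# Execute a command, or just print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# ipt_recent keeps a fixed-size table: ip_list_tot source addresses
# (default 100, which is the "only the last 100 hosts" limit above) and
# ip_pkt_list_tot timestamps per address (default 20). When the table is
# full the oldest entry is recycled, and --hitcount may not exceed
# ip_pkt_list_tot, so both are raised here at module load time. The
# values only take effect on load: rmmod ipt_recent first if it is
# already loaded (assumed values 1000 and 20).
load_recent_module() {
    list_tot="${1:-1000}"
    pkt_tot="${2:-20}"
    run modprobe ipt_recent ip_list_tot="$list_tot" ip_pkt_list_tot="$pkt_tot"
}

# Log target and its prefix option, selected by LOG_MODE. With ULOG the
# messages go to netlink multicast group 1, where ulogd can collect them
# away from the system log (assumed group number).
log_target() {
    case "$LOG_MODE" in
        ULOG) echo "ULOG --ulog-nlgroup 1 --ulog-prefix $1" ;;
        *)    echo "LOG --log-prefix $1" ;;
    esac
}

# A new SSH connection from a source that already opened $hits connections
# within the last $seconds is logged (at most 1/minute, burst 3, so a
# flood produces a bounded number of lines) and dropped; otherwise the
# source is recorded in list ssh-bf and the connection is accepted.
ssh_recent_rules() {
    seconds="${1:-60}"
    hits="${2:-4}"
    # --rcheck only tests the list, so the log rule does not add a hit.
    run $IPT -A INPUT -p tcp --dport 22 -m state --state NEW \
        -m recent --name ssh-bf --rcheck --seconds "$seconds" --hitcount "$hits" \
        -m limit --limit 1/minute --limit-burst 3 \
        -j $(log_target ssh-bf:)
    # --update refreshes the source's timestamp while it keeps hammering.
    run $IPT -A INPUT -p tcp --dport 22 -m state --state NEW \
        -m recent --name ssh-bf --update --seconds "$seconds" --hitcount "$hits" \
        -j DROP
    # Below the threshold: remember the source and let it through.
    run $IPT -A INPUT -p tcp --dport 22 -m state --state NEW \
        -m recent --name ssh-bf --set -j ACCEPT
}

# usage: DRY_RUN=1 sh ssh-recent.sh apply      (print the rule set)
#        sh ssh-recent.sh apply                (apply as root)
if [ "${1:-}" = "apply" ]; then
    load_recent_module
    ssh_recent_rules 60 4
fi
```

The current table contents can be inspected at /proc/net/ipt_recent/ssh-bf, which is the quickest way to confirm whether the 100-entry default is actually being hit on a busy host before tuning ip_list_tot.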