[Firehol-support] Re: Integrating ipt_recent with FireHOL

Carlos Rodrigues cefrodrigues at mail.telepac.pt
Sat Nov 12 14:23:23 GMT 2005

On 11/12/05, Costa Tsaousis <costa at tsaousis.gr> wrote:
> Now, about the recent match, you should know that:
> 1. kernel versions prior to 2.6.13 may have issues. Check these:
> http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=2587
> http://blog.blackdown.de/2005/05/09/fixing-the-ipt_recent-netfilter-module/

I just tried rebooting one of my firewalls and indeed it refuses SSH
connections during the first few minutes after boot (and so, probably
after 25 days too, like mentioned in those references). Damn, it was
working apparently so well... now I have to scrap it.

It seems that the kernel devs don't want to apply the existing patch,
and it doesn't look like there is a way to patch this correctly short
of rewriting the whole "ipt_recent" module...

Debian has a bug report about this:

Carlos Rodrigues

More information about the Firehol-support mailing list