This post was last edited by 井蛙夏虫 on 2013-07-03 20:34
Reply to 1# cnmt
On my system (Fedora 16):
man iptables
- --hitcount hits
- This option must be used in conjunction with one of --rcheck or --update. When used, this will narrow the match to only happen
- when the address is in the list and packets had been received greater than or equal to the given value. This option may be used
- along with --seconds to create an even narrower match requiring a certain number of hits within a specific time frame. The maximum
- value for the hitcount parameter is given by the "ip_pkt_list_tot" parameter of the xt_recent kernel module. Exceeding this value
- on the command line will cause the rule to be rejected.
- The module itself accepts parameters, defaults shown:
- ip_pkt_list_tot=20
- Number of packets per address remembered.
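A lint for the two constraints in the man page text quoted above (--hitcount needs --rcheck or --update, and must not exceed ip_pkt_list_tot), as an added example that is not part of the original post. The sample rules, the function name check_hitcount and the reason labels are constructed for illustration; the limit defaults to the 20 shown above.

```shell
#!/bin/sh
# Added example (not from the original post): lint xt_recent rules against
# the --hitcount constraints quoted from the man page above.

# Constructed sample in iptables-save syntax; names and ports are made up.
SAMPLE_RULES='-A INPUT -p tcp --dport 22 -m recent --name ssh --set
-A INPUT -p tcp --dport 22 -m recent --name ssh --update --seconds 60 --hitcount 4 -j DROP
-A INPUT -p tcp --dport 80 -m recent --name web --rcheck --seconds 10 --hitcount 50 -j DROP
-A INPUT -p tcp --dport 25 -m recent --name smtp --set --hitcount 5 -j DROP'

# check_hitcount [LIMIT] < rules
# LIMIT is the ip_pkt_list_tot value the module was loaded with (default 20).
# Prints "reason<TAB>rule" per problem; returns 1 if any problem was found.
check_hitcount() {
    limit=${1:-20}
    awk -v limit="$limit" '
        {
            hits = ""; mode = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "--hitcount" && i < NF) hits = $(i + 1)
                if ($i == "--rcheck" || $i == "--update") mode = 1
            }
            if (hits == "") next
            # --hitcount only has meaning together with --rcheck or --update.
            if (!mode) { print "no-rcheck-or-update\t" $0; bad = 1 }
            # A value above ip_pkt_list_tot makes the kernel reject the rule.
            if (hits + 0 > limit + 0) { print "exceeds-limit\t" $0; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Demo run against the sample with the default limit of 20.
printf '%s\n' "$SAMPLE_RULES" | check_hitcount 20 ||
    echo "fix the flagged rules or load xt_recent with a larger ip_pkt_list_tot" >&2
```

A hitcount equal to the limit passes, since the man page only rejects values that exceed it.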