xt_recent: hitcount (151) is larger than packets to be remembered (20)

Solution Verified

Issue

  • We cannot load iptables rules:
-A INPUT -i eth5 -p tcp --dport 12345 -m state --state NEW  -m recent --name ru-tracking  ! --update  --hitcount 151 --rsource
-A INPUT -i eth5 -p tcp --dport 12345 -m state --state NEW  -m recent --name ru-hitcount --rcheck --hitcount 151 --seconds 30  --rsource -j LOG  --log-level info --log-prefix "Conn-Limit-Exceeded "
-A INPUT -i eth5 -p tcp --dport 12345 -m state --state NEW  -m recent --name ru-hitcount --rcheck --hitcount 151 --seconds 30  --rsource -j REJECT --reject-with tcp-reset
  • The following error occurs:
# service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules: iptables-restore: line 49 failed
                                                           [FAILED]
  • Commenting the rules out allows iptables to start
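
The mismatch in the title can be caught before iptables-restore fails. The following POSIX sh check is an added example, not part of the Red Hat article: it pulls every --hitcount out of rule text and compares the largest with the xt_recent module's ip_pkt_list_tot (read from /sys when the module is loaded, otherwise the compiled-in default of 20 quoted in the error message). The sample rules are constructed, modelled on the ones above.

```sh
#!/bin/sh
# Constructed sample rules (modelled on the Issue above); 151 is the offending value.
RULES='-A INPUT -i eth5 -p tcp --dport 12345 -m state --state NEW -m recent --name ru-tracking ! --update --hitcount 151 --rsource
-A INPUT -i eth5 -p tcp --dport 22 -m state --state NEW -m recent --name ssh --rcheck --hitcount 4 --seconds 60 --rsource -j DROP
-A INPUT -i eth5 -p tcp --dport 80 -m state --state NEW -j ACCEPT'

# Largest --hitcount in the rule text read from stdin (0 when no rule uses one).
max_hitcount() {
    n=$(sed -n 's/.*--hitcount \([0-9][0-9]*\).*/\1/p' | sort -n | tail -n 1)
    echo "${n:-0}"
}

# Packets xt_recent remembers per source: the loaded module's ip_pkt_list_tot,
# or the built-in default of 20 when the module is not loaded.
pkt_list_tot() {
    p=/sys/module/xt_recent/parameters/ip_pkt_list_tot
    if [ -r "$p" ]; then cat "$p"; else echo 20; fi
}

# check_rules RULE_TEXT LIMIT: exit 0 when every --hitcount fits, 1 otherwise.
check_rules() {
    max=$(printf '%s\n' "$1" | max_hitcount)
    if [ "$max" -gt "$2" ]; then
        echo "hitcount $max exceeds ip_pkt_list_tot $2; iptables-restore will fail"
        return 1
    fi
    echo "ok: max hitcount $max <= ip_pkt_list_tot $2"
    return 0
}

check_rules "$RULES" "$(pkt_list_tot)" ||
    echo "fix: lower --hitcount, or raise the limit with 'options xt_recent ip_pkt_list_tot=<N>' in /etc/modprobe.d/ and reload xt_recent"
```

Run it against the real rule set with `iptables-save | check_rules "$(cat)" "$(pkt_list_tot)"` after sourcing the functions.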

Environment

  • Red Hat Enterprise Linux 6 (RHEL 6)
  • Red Hat Enterprise Linux 7 (RHEL 7)
  • iptables rules using -m recent match
