xt_recent: hitcount (151) is larger than packets to be remembered (20)

Solution Verified - Updated -

Issue

  • We cannot load iptables rules:
-A INPUT -i eth5 -p tcp --dport 12345 -m state --state NEW  -m recent --name ru-tracking  ! --update  --hitcount 151 --rsource
-A INPUT -i eth5 -p tcp --dport 12345 -m state --state NEW  -m recent --name ru-hitcount --rcheck --hitcount 151 --seconds 30  --rsource -j LOG  --log-level info --log-prefix "Conn-Limit-Exceeded "
-A INPUT -i eth5 -p tcp --dport 12345 -m state --state NEW  -m recent --name ru-hitcount --rcheck --hitcount 151 --seconds 30  --rsource -j REJECT --reject-with tcp-reset
  • The following error occurs:
# service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules: iptables-restore: line 49 failed
                                                           [FAILED]
  • Commenting the rules out allows iptables to start.
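The error in the title is xt_recent's own sanity check: a rule's --hitcount cannot exceed the number of packets the module remembers per address, which is the xt_recent module parameter ip_pkt_list_tot (default 20). As an added check that is not part of the Red Hat article, the following script scans a rules file for -m recent rules whose --hitcount is larger than that limit, so the failing line can be found before iptables-restore aborts. The function names and the sample rules file are constructed for this example; the limit is read from /sys/module/xt_recent/parameters/ip_pkt_list_tot when the module is loaded and otherwise assumed to be the default of 20.

```shell
#!/bin/sh
# Added example (not from the Red Hat article): find "-m recent ... --hitcount N"
# rules whose N exceeds xt_recent's packet history size (ip_pkt_list_tot).

# Print the live ip_pkt_list_tot value if xt_recent is loaded, else the default 20.
xt_recent_limit() {
    p=/sys/module/xt_recent/parameters/ip_pkt_list_tot
    if [ -r "$p" ]; then cat "$p"; else echo 20; fi
}

# check_hitcount_rules FILE LIMIT
# Prints every rule in FILE whose --hitcount is larger than LIMIT.
# Returns 0 if all rules fit, 1 if at least one would fail to load.
check_hitcount_rules() {
    rules=$1; limit=$2; bad=0
    while IFS= read -r line; do
        # Only "-m recent" rules carry a --hitcount that xt_recent validates.
        case $line in *"-m recent"*--hitcount*) ;; *) continue ;; esac
        hc=$(printf '%s\n' "$line" | sed -n 's/.*--hitcount[ =]*\([0-9][0-9]*\).*/\1/p')
        [ -n "$hc" ] || continue
        if [ "$hc" -gt "$limit" ]; then
            printf 'hitcount %s > ip_pkt_list_tot %s: %s\n' "$hc" "$limit" "$line"
            bad=1
        fi
    done < "$rules"
    return $bad
}

# Constructed sample rules file: the first rule mirrors the article's failing
# hitcount of 151, the second is a rule that fits within the default of 20.
RULES=$(mktemp)
cat > "$RULES" <<'EOF'
-A INPUT -i eth5 -p tcp --dport 12345 -m state --state NEW -m recent --name ru-hitcount --rcheck --hitcount 151 --seconds 30 --rsource -j REJECT --reject-with tcp-reset
-A INPUT -i eth5 -p tcp --dport 22 -m state --state NEW -m recent --name ssh-limit --rcheck --hitcount 4 --seconds 60 --rsource -j DROP
EOF

check_hitcount_rules "$RULES" "$(xt_recent_limit)" \
    || echo "at least one rule exceeds ip_pkt_list_tot and will not load"
rm -f "$RULES"
```

The same check can be run against a saved rule set (for example the output of iptables-save redirected to a file) on a host where the module is already loaded, in which case the live limit is used instead of the default. Because the limit is a module parameter, a rule set with hitcounts above 20 only loads if xt_recent was loaded with a larger ip_pkt_list_tot; the check reports the mismatch, it does not change the module's configuration.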

Environment

  • Red Hat Enterprise Linux 6 (RHEL 6)
  • Red Hat Enterprise Linux 7 (RHEL 7)
  • iptables rules using -m recent match
