xt_recent: hitcount (151) is larger than packets to be remembered (20)
Issue
- We cannot load iptables rules:
-A INPUT -i eth5 -p tcp --dport 12345 -m state --state NEW -m recent --name ru-tracking ! --update --hitcount 151 --rsource
-A INPUT -i eth5 -p tcp --dport 12345 -m state --state NEW -m recent --name ru-hitcount --rcheck --hitcount 151 --seconds 30 --rsource -j LOG --log-level info --log-prefix "Conn-Limit-Exceeded "
-A INPUT -i eth5 -p tcp --dport 12345 -m state --state NEW -m recent --name ru-hitcount --rcheck --hitcount 151 --seconds 30 --rsource -j REJECT --reject-with tcp-reset
- The following error occurs:
# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: iptables-restore: line 49 failed
[FAILED]
- Commenting the rules out allows iptables to start
Environment
- Red Hat Enterprise Linux 6 (RHEL 6)
- Red Hat Enterprise Linux 7 (RHEL 7)
- iptables rules using the -m recent match
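
The error in the title says a rule asks for a --hitcount (151) larger than the number of packets xt_recent remembers per address (20). As an added example, not part of the original article, the shell function below checks a rules file for such rules before the firewall is restarted; the function names, the ssh and port 80 sample rules, and the sysfs path named in the comment are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): lint an iptables rules file
# for "-m recent" rules whose --hitcount exceeds what xt_recent remembers.

# Sample input: the three rules from this page plus constructed ones
# (the ssh rule, the port 80 rule and the table framing).
sample_rules() {
cat <<'EOF'
*filter
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name ssh --rcheck --hitcount 10 --seconds 60 --rsource -j DROP
-A INPUT -i eth5 -p tcp --dport 12345 -m state --state NEW -m recent --name ru-tracking ! --update --hitcount 151 --rsource
-A INPUT -i eth5 -p tcp --dport 12345 -m state --state NEW -m recent --name ru-hitcount --rcheck --hitcount 151 --seconds 30 --rsource -j LOG --log-level info --log-prefix "Conn-Limit-Exceeded "
-A INPUT -i eth5 -p tcp --dport 12345 -m state --state NEW -m recent --name ru-hitcount --rcheck --hitcount 151 --seconds 30 --rsource -j REJECT --reject-with tcp-reset
-A INPUT -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# check_hitcount FILE [LIMIT]   (FILE may be "-" for stdin)
# LIMIT defaults to 20, the value in the error message on this page.
# Assumption: on a host with xt_recent loaded, the limit in effect is the
# module's ip_pkt_list_tot parameter
# (/sys/module/xt_recent/parameters/ip_pkt_list_tot).
# Prints one line per offending rule; returns 1 if any rule exceeds LIMIT.
check_hitcount() {
    awk -v limit="${2:-20}" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            recent = 0                           # does the rule use -m recent?
            for (i = 1; i < NF; i++)
                if (($i == "-m" || $i == "--match") && $(i + 1) == "recent")
                    recent = 1
            if (!recent) next
            for (i = 1; i < NF; i++)
                if ($i == "--hitcount" && $(i + 1) + 0 > limit + 0) {
                    printf "line %d: hitcount %d > limit %d\n", NR, $(i + 1), limit
                    bad++
                }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Demo on the sample input with the limit from the error message.
sample_rules | check_hitcount - 20 || echo "the rules listed above will be rejected at load time"
```
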
