From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752044AbbCHK1g (ORCPT ); Sun, 8 Mar 2015 06:27:36 -0400 Received: from mx1.unsolicited.net ([173.255.193.191]:51715 "EHLO mx1.unsolicited.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751572AbbCHK1e (ORCPT ); Sun, 8 Mar 2015 06:27:34 -0400 X-Greylist: delayed 907 seconds by postgrey-1.27 at vger.kernel.org; Sun, 08 Mar 2015 06:27:33 EDT Message-ID: <54FC2089.6080809@unsolicited.net> Date: Sun, 08 Mar 2015 10:12:25 +0000 From: David R User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: netdev@vger.kernel.org CC: linux-kernel@vger.kernel.org Subject: iptables problem upgrading kernel from 3.18.8 to 3.19.1 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org I've just had an exception to my "uneventful kernel upgrade" monotony. My boot scripts failed when setting up the firewall due to this :- xt_recent: hitcount (1) is larger than packets to be remembered (1) for table xxxx This is a completely straightforward iptables -A yyyy -j REJECT -p tcp --reject-with tcp-reset -m recent --set --name xxxx --rsource Looking at the history for xt_recent.c it looks like this was introduced in abc86d0f99242b7f142b7cb8f90e30081dd3c256 but maybe corrected in cef9ed86ed62eeffcd017882278bbece32001f86 ? Whatever, 3.19.1 is still affected, it can be worked around by setting ip_pkt_list_tot in the module parameters. Cheers David