Using the iptables recent module to harden a host against SSH brute-force attacks

The iptables recent module lets you build dynamic lists of IP addresses and match later packets against them. Using its set, check, update and remove operations you can effectively block brute-force attacks such as password guessing against SSH. For example, allow at most 3 new connections from one source address within 60 seconds and drop anything beyond that. The --seconds and --hitcount options give more precise matching, for instance capping the number of new HTTP connections per IP per minute.

recent

Link to the extensions documentation: iptables-extensions.man.
recent
Allows you to dynamically create a list of IP addresses and then match against that list in a few different ways.
For example, you can create a “badguy” list out of people attempting to connect to port 139 on your firewall and then DROP all future packets from them without considering them.

--set, --rcheck, --update and --remove are mutually exclusive.

--name name
Specify the list to use for the commands. If no name is given then DEFAULT will be used.
[!] --set
This will add the source address of the packet to the list. If the source address is already in the list, this will update the existing entry. This will always return success (or failure if ! is passed in).
--rsource
Match/save the source address of each packet in the recent list table. This is the default.
--rdest
Match/save the destination address of each packet in the recent list table.
–mask netmask
Netmask that will be applied to this recent list.
[!] --rcheck
Check if the source address of the packet is currently in the list.
[!] --update
Like --rcheck, except it will update the “last seen” timestamp if it matches.
[!] --remove
Check if the source address of the packet is currently in the list and if so that address will be removed from the list and the rule will return true. If the address is not found
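The following shell script is an added example, not code from the original post or from the iptables project. It puts the options above together into the SSH rate limit described in the summary (3 new connections per source within 60 seconds, the next one dropped) and the per-IP HTTP cap. The first rule records every new connection to the port with --set; the second uses --update together with --seconds (the address must have been seen within that many seconds) and --hitcount (it must have been seen at least that many times in the window) and drops the packet when the threshold is reached. Because --set has already recorded the packet being checked, allowing N attempts means a --hitcount of N+1. Port numbers, list names, the 60 s window and the hit limits are assumptions chosen for this example; the script only prints the rules unless run with --apply as root.

```shell
#!/bin/sh
# Added example (not from the original post): generate, and optionally apply,
# iptables rules that use the recent module to throttle new TCP connections
# per source address. Ports, list names, windows and limits are assumptions.

# recent_throttle_rules PORT LIST SECONDS MAX_ATTEMPTS
# Prints two rules. Rule 1 adds the source address of every new connection to
# PORT to the recent list LIST (--set, with --rsource made explicit). Rule 2
# drops the packet when the same source has been seen at least MAX_ATTEMPTS+1
# times within SECONDS. The +1 is needed because --set already recorded the
# packet being checked, so MAX_ATTEMPTS attempts pass and the next one is dropped.
# --update refreshes the "last seen" timestamp on each match, and --set keeps
# adding hits, so a source that keeps hammering stays blocked until it has
# been quiet for SECONDS.
recent_throttle_rules() {
    port=$1; list=$2; seconds=$3; max=$4
    hits=$((max + 1))
    printf 'iptables -A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -m recent --name %s --set --rsource\n' \
        "$port" "$list"
    printf 'iptables -A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -m recent --name %s --update --seconds %s --hitcount %s --rsource -j DROP\n' \
        "$port" "$list" "$seconds" "$hits"
}

# The two cases from the summary: 3 SSH attempts per source per 60 s, and a
# per-source cap on new HTTP connections per minute (20 is an assumed value).
ssh_rules()  { recent_throttle_rules 22 SSH 60 3; }
http_rules() { recent_throttle_rules 80 HTTP 60 20; }

# Number of rule lines a generator emits (sanity check before applying).
rule_count() { "$1" | wc -l | tr -d ' '; }

# Put an ACCEPT for trusted admin addresses before these rules so that a
# mistyped password from the management network never locks you out.
if [ "${1:-}" = "--apply" ]; then
    ssh_rules  | sh -e
    http_rules | sh -e
else
    ssh_rules
    http_rules
fi
```

After applying, the live lists can be inspected in /proc/net/xt_recent/SSH and /proc/net/xt_recent/HTTP, and a single address can be cleared by writing `-1.2.3.4` to that file. Only new connections (-m conntrack --ctstate NEW) are counted, so an established SSH session is never affected by its own traffic; the limit is on connection attempts, not on packets.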
