Posts filed under ‘iptables’

Iptables’ recent module parameter

I had the pleasure of setting up iptables’ recent module in order (hopefully) to stop basic small-scale DoS attacks on my web server. The module is pretty straightforward to use (as opposed to the limit module with its averages and bursts), with two basic settings: seconds and hitcount. By default hitcount cannot be greater than 20, and you will need to change the parameter ‘ip_pkt_list_tot’ if you need more than 20.

Most likely the recent module is already loaded, and changing the parameter would involve either rebooting or unloading the module (and its dependent modules), which is not ideal on a live server. Luckily there is a way to change the parameter on the fly. Say you want to increase the hitcount to 100; you can do:

# echo 100 > /sys/module/ipt_recent/parameters/ip_pkt_list_tot

That is it. Just make sure you have the write permission!
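
An added example, not part of the original post: a pre-flight check that compares a desired hitcount against ip_pkt_list_tot and only then prints the two recent-module rules. The port, the list name HTTP, the PARAM_FILE override and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: check a recent-module hitcount against ip_pkt_list_tot
# before generating the rate-limit rules. Prints rules; applies nothing.

# Sysfs path from the post (the module is named xt_recent on newer kernels).
# PARAM_FILE is a hypothetical override so the check can run without root.
PARAM_FILE="${PARAM_FILE:-/sys/module/ipt_recent/parameters/ip_pkt_list_tot}"
DEFAULT_LIMIT=20   # default maximum hitcount stated in the post

is_uint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

# Current packet-list size, or the default when the file is unreadable.
current_limit() {
    if [ -r "$PARAM_FILE" ]; then cat "$PARAM_FILE"; else echo "$DEFAULT_LIMIT"; fi
}

# Succeeds only if the hitcount is a positive integer within the limit.
hitcount_fits() {
    is_uint "$1" && [ "$1" -ge 1 ] && [ "$1" -le "$(current_limit)" ]
}

# emit_rules PORT SECONDS HITCOUNT [NAME]
# First rule records each new connection's source address; second drops a
# source seen HITCOUNT times within SECONDS.
emit_rules() {
    port=$1 seconds=$2 hitcount=$3 name=${4:-HTTP}
    if ! is_uint "$port" || ! is_uint "$seconds"; then
        echo "port and seconds must be unsigned integers" >&2
        return 2
    fi
    if ! hitcount_fits "$hitcount"; then
        echo "hitcount '$hitcount' not within ip_pkt_list_tot ($(current_limit))" >&2
        return 1
    fi
    match="-p tcp --dport $port -m state --state NEW -m recent --name $name"
    echo "iptables -A INPUT $match --set"
    echo "iptables -A INPUT $match --update --seconds $seconds --hitcount $hitcount -j DROP"
}

# Stand-alone use: sh recent_check.sh 80 60 100
if [ "$#" -ge 3 ]; then
    emit_rules "$@"
fi
```

The script only prints the rules, so they can be reviewed before being run as root.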

September 16, 2011 at 6:52 am


 
