OS 11.4 SuSEfilewall2 configuration question

Good day Linux gurus,

After browsing around the forum, I did not find an answer to my question either here or on a google search. I know someone has an answer to this:

I was checking one of my servers, and had found several attacks against it in the messages log; one specific service is ssh (no surprise there);
I have the following settings in my configuration file


but I discovered a limitation; the xt_recent file is only tracking 100 entries. I at one point had over 300 hosts trying to dictionary attack my system. Granted I use public key authentication, it is traffic, and log entries I’d rather not have.

So my question is is there a ‘simple’ way (some .conf file some where, etc.) to adjust the number of hosts / ip’s xt_recent will keep track of?

Thanks for your help,

After having dug a big more throughout the day, and into the evening hours I gathered from several websites the information needed to achieve my goal.

I did not realize the xt_recent used with iptables was a kernel module. Once that was figured out (and I was done calling myself an idiot); I then did the following configuration changes:

First I made the changes within the current running module:

cd /sys/module/xt_recent/parameters
chmod 600 ip_list_tot
echo 5000 > ./ip_list_tot
chmod 400 ip_list_tot

That adjusted the running module’s parameters; then I made the changes permanent after a reboot by editing the file /etc/modprobe.d/99-local.conf and inserted the following lines

options xt_recent ip_list_tot=5000
options xt_recent ip_pkt_list_tot=50

The second line added was used to modify the history length of packets received from hosts for the module.