Firewall recent time configure issue

dnwk · November 10, 2022, 4:13pm

Version 1.3.2
set firewall name WAN_LOCAL rule 60 recent time minute

I have tried minute, second or hour in configure and got same error:
“minute” is not a valid value of type “u32”
Value validation failed
Set failed

If I force it in configure


        rule 60 {
            action drop
            destination {
                port 22
            }
            protocol tcp
            recent {
                count 4
                time minute
            }
            state {
                new enable
            }
        }

I will get this error

[ firewall name WAN_LOCAL ]
iptables v1.8.2 (nf_tables): recent: bad value for option "--seconds", or out of range (1-4294967295).

Try `iptables -h' or 'iptables --help' for more information.
Use of uninitialized value $rule_strs[2] in join or string at /opt/vyatta/sbin/vyatta-firewall.pl line 742.
Use of uninitialized value $rule_strs[3] in join or string at /opt/vyatta/sbin/vyatta-firewall.pl line 742.
Use of uninitialized value $rule_strs[4] in join or string at /opt/vyatta/sbin/vyatta-firewall.pl line 742.
Use of uninitialized value $rule_strs[5] in join or string at /opt/vyatta/sbin/vyatta-firewall.pl line 742.
iptables error: No such file or directory - -m comment --comment "WAN_LOCAL-60"   -p tcp -m state --state NEW     --dport 22  -m recent --update  --seconds minute  --hitcount 4  --name WAN_LOCAL-60 -j DROP  -m comment --comment "WAN_LOCAL-60"   -p tcp -m state --state NEW     --dport 22  -m recent --set  --name WAN_LOCAL-60      at /opt/vyatta/sbin/vyatta-firewall.pl line 742.

[[firewall name WAN_LOCAL]] failed
Commit failed

Viacheslav · November 10, 2022, 4:18pm

check value help
you have to set seconds

vyos@r1# set firewall name foo rule 10 recent time 
Possible completions:
   <0-4294967295>
                Source addresses seen in the last N seconds

dnwk · November 10, 2022, 4:21pm

So If I set the recent count to 4, and time to minute, does it convert, or I have to manually convert?
But even so, count 4 is still a valid number.

Viacheslav · November 10, 2022, 4:23pm

check the completion help

 <0-4294967295>
                Source addresses seen in the last N seconds

you have to set values in seconds

system · November 30, 2022, 4:00pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.