ip_list_tot - doesn't change

Dimarius

Apr 5, 2016
Hi
1) I need to change the value in the file /sys/module/xt_recent/parameters/ip_list_tot from 100 to 50000,
but the system reports an "input/output error":
# sudo chmod 777 /sys/module/xt_recent/parameters/ip_list_tot
# sudo chmod +w /sys/module/xt_recent/parameters/ip_list_tot
# sudo echo 50000 > /sys/module/xt_recent/parameters/ip_list_tot
bash: echo: write error: Input/output error

It is impossible to make any changes in the /sys folder,
even though it is mounted rw:
# cat /proc/mounts | grep sysfs
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0

modprobe doesn't activate the necessary parameters:
# modprobe xt_recent ip_list_tot=50000
#

System:
# uname -a && cat /etc/os-release
Linux host-1 4.2.8-1-pve #1 SMP Sat Mar 19 10:44:29 CET 2016 x86_64 GNU/Linux
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

2) How do I enable changing the same file in a container operating system (Ubuntu 14)?

thanks
 
This is a read-only parameter, you can only change it by unloading the module and reloading it with the new parameter. This is an unfortunate inconvenience as you'll have to disable the firewall rules which make use of the module before you can unload it.
As for the /sys filesystem: the file permissions are supposed to indicate the mutability of a setting, so chmod can only be used to restrict access further.
Make sure you also add the setting to a file in /etc/modprobe.d so it'll stay across reboots.
 
I have found it! The problem turned out to be that the module had been loaded in a container OS. To solve this, it is necessary to turn off the iptables rules in every container OS that uses the module, or to switch the containers off altogether.

After that:

# lsmod | grep xt_recent
xt_recent 20480 0
x_tables 36864 9 ip6table_filter,xt_recent,ip_tables,xt_tcpudp,xt_conntrack,xt_multiport,iptable_filter,ipt_REJECT,ip6_tables
# modprobe -r xt_recent
# modprobe xt_recent ip_list_tot=5000000
# modprobe xt_recent
# cat /sys/module/xt_recent/parameters/ip_list_tot
5000000

The problem is solved! Thanks, all :)
 
One more point: these values are cleared after an OS reboot. I have added a line to /etc/rc.local:
modprobe -r xt_recent && modprobe xt_recent ip_list_tot=5000000 && modprobe xt_recent
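
The checks discussed in the replies above, as an added example that is not part of the original thread: it reads the parameter file's permission bits and the module's use count from sysfs, prints which route applies, and prints the `options` line for a file in /etc/modprobe.d. The `SYSFS_MODULE_ROOT` override and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: decide how a module parameter can be changed, using sysfs only.
# SYSFS_MODULE_ROOT is an assumption of this example (override it for testing).
SYSFS_MODULE_ROOT="${SYSFS_MODULE_ROOT:-/sys/module}"

param_file() {  # MODULE PARAM -> path of the sysfs parameter file
    printf '%s/%s/parameters/%s\n' "$SYSFS_MODULE_ROOT" "$1" "$2"
}

# True only if the file has a write bit for owner, group or other.
# Meaningful on an untouched file: per the reply above, chmod cannot
# make a read-only parameter writable.
param_is_runtime_writable() {  # MODULE PARAM
    perms=$(ls -ld "$(param_file "$1" "$2")" 2>/dev/null | cut -c1-10)
    case $perms in
        ??w*|?????w*|????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

module_use_count() {  # MODULE -> use count (third lsmod column), 0 if unavailable
    cat "$SYSFS_MODULE_ROOT/$1/refcnt" 2>/dev/null || echo 0
}

plan_param_change() {  # MODULE PARAM VALUE -> one line naming the route
    mod=$1; param=$2; value=$3
    if [ ! -d "$SYSFS_MODULE_ROOT/$mod" ]; then
        echo "load: modprobe $mod $param=$value"
    elif param_is_runtime_writable "$mod" "$param"; then
        echo "runtime: echo $value > $(param_file "$mod" "$param")"
    elif [ "$(module_use_count "$mod")" -gt 0 ]; then
        echo "blocked: $mod is in use, remove the rules that reference it first"
    else
        echo "reload: modprobe -r $mod && modprobe $mod $param=$value"
    fi
}

# Line for a file in /etc/modprobe.d so the value survives a reboot.
modprobe_d_line() {  # MODULE PARAM VALUE
    printf 'options %s %s=%s\n' "$1" "$2" "$3"
}

# Usage: sh this_script.sh xt_recent ip_list_tot 50000
if [ "$#" -eq 3 ]; then
    plan_param_change "$@"
    modprobe_d_line "$@"
fi
```

A "blocked" result corresponds to the situation in the thread, where rules in a container still referenced the module and it could not be unloaded.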
 
