[Bug 820] Quotas not limiting the exact specified limit

bugzilla-daemon at netfilter.org
Mon Jul 1 22:19:56 CEST 2013


https://bugzilla.netfilter.org/show_bug.cgi?id=820

--- Comment #7 from Phil Oester <netfilter at linuxace.com> 2013-07-01 22:19:54 CEST ---
I still think you are misinterpreting how the quota match works here.  If you
add this rule:  

 /sbin/iptables -A table1 -m quota --quota X -j ACCEPT

Then that rule WILL NOT CHANGE OVER TIME.  X will always remain X, and the rule
will not "disappear".  This is important, since if you want to use
iptables-save to save your ruleset, you should not have rules randomly
disappearing or changing their quota values.

What should happen, however, is that once a quota has been reached on a given
rule, it will NO LONGER MATCH.  At this point, the counters will stop
increasing for the rule.  

Are you not seeing this behavior?

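The behavior described in comment #7, as an added example that is not part of the original message or of the netfilter source: a user-space C model of a single quota rule, in which the configured value X never changes, a private byte budget is consumed, and the rule counters stop once the rule no longer matches. `struct quota_rule`, `rule_init`, `rule_match` and `run_packets` are hypothetical names, the packet lengths are constructed, and the handling of a packet larger than the remaining budget (no match, budget closed) is an assumption of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical user-space model of one "-m quota --quota X -j ACCEPT" rule. */
struct quota_rule {
    unsigned long long configured;  /* X as written in the rule; never modified */
    unsigned long long remaining;   /* private byte budget, consumed by matches */
    unsigned long long pkts, bytes; /* per-rule packet and byte counters */
};

static void rule_init(struct quota_rule *r, unsigned long long x)
{
    r->configured = r->remaining = x;
    r->pkts = r->bytes = 0;
}

/* Returns true when the packet matches, i.e. would reach -j ACCEPT. */
static bool rule_match(struct quota_rule *r, unsigned int len)
{
    if (r->remaining >= len) {
        r->remaining -= len;
        r->pkts++;
        r->bytes += len;
        return true;
    }
    /* Assumption: a packet that does not fit closes the budget for good. */
    r->remaining = 0;
    return false;
}

/* Run constructed packet lengths through the rule; returns the match count. */
static size_t run_packets(struct quota_rule *r, const unsigned int *len, size_t n)
{
    size_t matched = 0;
    for (size_t i = 0; i < n; i++)
        matched += rule_match(r, len[i]) ? 1 : 0;
    return matched;
}

int main(void)
{
    const unsigned int lens[] = { 1500, 1500, 1500, 40, 1500 }; /* constructed */
    struct quota_rule r;
    rule_init(&r, 4000);
    size_t m = run_packets(&r, lens, sizeof lens / sizeof lens[0]);
    printf("matched=%zu bytes=%llu quota=%llu\n", m, r.bytes, r.configured);
    return 0;
}
```

In this constructed run the counters stop at 3000 bytes while the rule still reads 4000, because the third packet does not fit in the 1000 bytes left.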