[Bug 676] connlimit doesn't work properly

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Thu Jun 6 18:09:22 CEST 2013


https://bugzilla.netfilter.org/show_bug.cgi?id=676

Phil Oester <netfilter at linuxace.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |netfilter at linuxace.com
         Resolution|                            |WORKSFORME

--- Comment #2 from Phil Oester <netfilter at linuxace.com> 2013-06-06 18:09:21 CEST ---
This works fine for me on recent kernels.  Perhaps you misunderstand that
connlimit means you need SIMULTANEOUS connections opened?  It does not track
CLOSED (historical) connections. 

Example on 3.10 kernel:

# iptables -A INPUT -p tcp --syn --dport 25 -m connlimit --connlimit-above 2 -j REJECT

Connection #1:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.14.5/8.14.5; Thu, 6 Jun 2013
12:04:31 -0400

Connection #2:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.14.5/8.14.5; Thu, 6 Jun 2013
12:04:34 -0400

Connection #3:
# telnet localhost 25
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

Closing.

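The point of the comment above is that connlimit counts connections that are open at the moment the new SYN arrives, and that the count includes the connection being evaluated, so `--connlimit-above 2` lets two through and rejects the third. The following is an added illustration of that decision rule, not code from the bug report or from netfilter's xt_connlimit; the class name `ConnLimit`, the `run()` driver and the `("SYN"/"FIN", src, sport)` event format are assumptions made for this example, and the sample event lists are constructed.

```python
"""Model of the connlimit decision rule from the bug comment (added example).

Mirrors the behaviour of

    iptables -A INPUT -p tcp --syn --dport 25 \
        -m connlimit --connlimit-above 2 -j REJECT

with a table of *currently open* connections per source prefix.  A new SYN
is rejected when the number of open connections from that prefix, counting
the new one, is above the limit.  A closed connection is dropped from the
table, so historical connections never count, which is why repeated
connect/disconnect cycles from one host are never rejected.
"""
import ipaddress


class ConnLimit:
    def __init__(self, above: int, mask: int = 32):
        # --connlimit-above N and --connlimit-mask M (IPv4 default is /32)
        self.above = above
        self.mask = mask
        # network prefix -> set of (src, sport) currently open
        self.open = {}

    def _key(self, src: str) -> ipaddress.IPv4Network:
        # Group sources by the configured prefix length, like --connlimit-mask.
        return ipaddress.ip_network(f"{src}/{self.mask}", strict=False)

    def syn(self, src: str, sport: int) -> str:
        """Verdict for a new connection attempt: 'ACCEPT' or 'REJECT'."""
        conns = self.open.setdefault(self._key(src), set())
        # The connection being evaluated is part of the count.
        if len(conns) + 1 > self.above:
            return "REJECT"          # REJECT target: the SYN never becomes a connection
        conns.add((src, sport))
        return "ACCEPT"

    def close(self, src: str, sport: int) -> None:
        """Connection torn down: it no longer contributes to the count."""
        self.open.get(self._key(src), set()).discard((src, sport))


def run(events, above: int = 2, mask: int = 32):
    """Replay a list of ('SYN'|'FIN', src, sport) events, return verdicts for SYNs."""
    limiter = ConnLimit(above, mask)
    verdicts = []
    for kind, src, sport in events:
        if kind == "SYN":
            verdicts.append(limiter.syn(src, sport))
        elif kind == "FIN":
            limiter.close(src, sport)
    return verdicts


# Constructed sample 1: three telnet sessions left open, as in the comment.
SIMULTANEOUS = [
    ("SYN", "127.0.0.1", 40001),
    ("SYN", "127.0.0.1", 40002),
    ("SYN", "127.0.0.1", 40003),
]

# Constructed sample 2: the same three sessions, each closed before the next
# one starts.  Nothing is rejected because closed connections are not tracked.
SEQUENTIAL = [
    ("SYN", "127.0.0.1", 40001), ("FIN", "127.0.0.1", 40001),
    ("SYN", "127.0.0.1", 40002), ("FIN", "127.0.0.1", 40002),
    ("SYN", "127.0.0.1", 40003),
]

# Constructed sample 3: three different hosts in one /24.  With the default
# /32 mask each host has its own counter; with --connlimit-mask 24 they share one.
SAME_SUBNET = [
    ("SYN", "10.0.0.1", 5001),
    ("SYN", "10.0.0.2", 5002),
    ("SYN", "10.0.0.3", 5003),
]

if __name__ == "__main__":
    print("simultaneous:", run(SIMULTANEOUS))
    print("sequential:  ", run(SEQUENTIAL))
    print("/32 mask:    ", run(SAME_SUBNET))
    print("/24 mask:    ", run(SAME_SUBNET, mask=24))
```

Two practical notes when reproducing the test above on a real box: the `--syn` flag means only the first packet of a connection is evaluated, so the rule never interferes with packets of connections that were already accepted, and the "Connection refused" telnet prints for the third session is the client's reaction to the REJECT target's reply (an ICMP port-unreachable by default for TCP), not a refusal from Sendmail itself.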