[Bug 820] New: Quotas not limiting the exact specified limit

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Tue May 14 09:12:55 CEST 2013


https://bugzilla.netfilter.org/show_bug.cgi?id=820

           Summary: Quotas not limiting the exact specified limit
           Product: netfilter/iptables
           Version: linux-2.6.x
          Platform: x86_64
        OS/Version: Debian GNU/Linux
            Status: NEW
          Severity: critical
          Priority: P5
         Component: unknown
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: fandaremail at gmail.com
   Estimated Hours: 0.0


Hello,
I have a problem with the quota in iptables. I have rules like the ones below
for every IP, where quota is the specified limit in bytes. The problem
is that it doesn't stop when the exact limit is reached. For example,
when I set it to 1MB (quota=1048576), it blocks the IPs when it
reaches from 1.02 to 1.04MB instead of exactly 1MB. When I set the limit
to 10MB (quota=1073741824), it blocks the IP when it reaches 10.3
- 10.9 MB. Is there a way to limit it to the exact specified amount of
data?

 /sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.2 -j MASQUERADE
 /sbin/iptables -N table1
 /sbin/iptables -A FORWARD -j table1 -d 192.168.0.2
 /sbin/iptables -A FORWARD -j table1 -s 192.168.0.2
 /sbin/iptables -A table1 -m quota --quota $quota -j ACCEPT
 /sbin/iptables -A table1 -j REJECT

I am using iptables v1.4.8 and kernel 2.6.32-5-amd64.
