[Bug 820] New: Quotas not limiting the exact specified limit

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Tue May 14 09:12:55 CEST 2013


           Summary: Quotas not limiting the exact specified limit
           Product: netfilter/iptables
           Version: linux-2.6.x
          Platform: x86_64
        OS/Version: Debian GNU/Linux
            Status: NEW
          Severity: critical
          Priority: P5
         Component: unknown
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: fandaremail at gmail.com
   Estimated Hours: 0.0

I have a problem with the quota in iptables. I have rules like the ones below
for every IP, where quota is the specified limit in bytes. The problem
is that it doesn't stop when the exact limit is reached. For example,
when I set it to 1MB (quota=1048576), it blocks the IPs when it
reaches from 1.02 to 1.04MB instead of the exact 1MB. When I set the limit
to 10MB (quota=1073741824), it blocks the IP when it reaches 10.3
- 10.9 MB. Is there a way to limit it to the exact specified amount of

 /sbin/iptables -t nat -A POSTROUTING -o eth0 -s -j MASQUERADE
 /sbin/iptables -N table1
 /sbin/iptables -A FORWARD -j table1 -d
 /sbin/iptables -A FORWARD -j table1 -s
 /sbin/iptables -A table1 -m quota --quota $quota -j ACCEPT
 /sbin/iptables -A table1 -j REJECT

I am using iptables v1.4.8 and kernel 2.6.32-5-amd64.
