-m limit problem
hno at marasystems.com
Tue Sep 21 12:06:26 CEST 2004
On Tue, 21 Sep 2004, Darius Tribandis wrote:
> Now I understand. I think that the counter resets just after I reload a specific
> rule, but if it resets each time I modify any of the rules, then it must be
> treated as a bug, because it lacks all functionality of the iptables limit match.
It is when you touch any rule within the same table (nat in your case).
No, it is not a bug, it is a limitation of iptables.
> Is it possible to overcome this "feature"? ;)
Only by redesign of iptables to allow the limit match to save its
counters in the user copy of the table, not the first CPU copy.
The pkttables approach worked on by Harald will solve this problem as it
does not reload the whole table on every change.
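
The counter reset discussed in this message, as a simplified model added here for illustration (it is not part of the original post and not iptables or kernel code). The class and function names, the millisecond credit units and the traffic figures are constructed assumptions; the model assumes, as the thread describes, that touching any rule in the table rebuilds the limit state from scratch with the full burst available.

```python
class LimitMatch:
    """Credit-based model of one '-m limit' match instance (hypothetical)."""

    def __init__(self, interval_ms, burst, now_ms=0):
        self.cost = interval_ms            # credit consumed per matched packet
        self.cap = interval_ms * burst     # maximum credit that can be stored
        self.credit = self.cap             # fresh state starts with the full burst
        self.prev = now_ms

    def matches(self, now_ms):
        # Credit accrues with elapsed time, capped at the burst size.
        self.credit = min(self.cap, self.credit + (now_ms - self.prev))
        self.prev = now_ms
        if self.credit >= self.cost:
            self.credit -= self.cost
            return True
        return False


def simulate(duration_s, gap_ms, interval_ms, burst, reload_every_s=None):
    """Count packets matched under constant traffic (one packet every gap_ms).

    reload_every_s models an edit to ANY rule in the same table every N
    seconds; None means the table is never touched.
    """
    match = LimitMatch(interval_ms, burst)
    matched = 0
    for now in range(0, duration_s * 1000, gap_ms):
        if reload_every_s and now and now % (reload_every_s * 1000) == 0:
            # Whole table replaced: the match state, and its counter, start over.
            match = LimitMatch(interval_ms, burst, now)
        if match.matches(now):
            matched += 1
    return matched


if __name__ == "__main__":
    # Constructed traffic: 10 packets/s for 60 s against a 1/second, burst 5 limit.
    for every in (None, 5, 1):
        print("reload every", every, "s ->", simulate(60, 100, 1000, 5, every), "matched")
```

With these constructed figures, a table edited every 5 seconds matches 108 packets in a minute instead of 64, so a rule set that is modified frequently (for example by a script adding and removing entries) enforces a noticeably looser limit than the one configured.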