LOG Rate Limit Problem
Lucky Leavell
netfilter at UniXpress.com
Tue Oct 5 03:04:32 CEST 2004
iptables v1.2.8
OS: SuSE 9.1
After reading several references here on rate limiting logging I tried the
following short chain which was intended to log a packet subject to the
rate limit and then drop it unconditionally:
-A LogDrop -m limit --limit 2/s -j LOG --log-prefix "ICMP:Drop "
-A LogDrop -physdev --physdev-in eth0 -j DROP
-A LogDrop -physdev --physdev-in eth1 -j DROP
However, the first statement not only logged the packets subject to the
rate limit but also acted as an implicit ACCEPT. My understanding was
that the logging should take place but then the packets should be dropped
unconditionally by one of the following DROPs. When the LOG statement was
commented out, the packets were dropped as desired.
I have reread my documentation and still do not see where my mistake is.
Could someone please enlighten my understanding?
Thank you,
Lucky Leavell
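
Added example, not part of the original post: a simplified Python model of how a packet is expected to traverse the LogDrop chain above, with LOG as a non-terminating target, the limit match as a token bucket (iptables default burst of 5), and a RETURN to the calling chain when no rule terminates. It assumes "-physdev" in the posted rules stands for "-m physdev"; the class and function names are hypothetical and the packets are constructed.

```python
# Added illustration (not from the original post): simplified model of LogDrop traversal.
class Limit:
    """Token bucket behind `-m limit`; burst defaults to 5 as in iptables."""
    def __init__(self, per_second, burst=5):
        self.rate, self.cap = per_second, burst * 1000
        self.credit, self.last_ms = self.cap, 0

    def matches(self, now_ms):
        # Refill by elapsed time, capped at the burst size; one match costs 1000 units.
        self.credit = min(self.cap, self.credit + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if self.credit >= 1000:
            self.credit -= 1000
            return True
        return False

def logdrop_chain():
    """The three rules from the post, as (match predicate, target) pairs."""
    limit = Limit(per_second=2)
    return [
        (lambda pkt, now: limit.matches(now), "LOG"),
        (lambda pkt, now: pkt["physdev_in"] == "eth0", "DROP"),
        (lambda pkt, now: pkt["physdev_in"] == "eth1", "DROP"),
    ]

def traverse(rules, pkt, now_ms, log):
    for matches, target in rules:
        if not matches(pkt, now_ms):
            continue
        if target == "LOG":          # non-terminating: record, then keep walking
            log.append(now_ms)
            continue
        return target                # terminating target (DROP) ends traversal
    return "RETURN"                  # fell off the end: back to the calling chain

def simulate(physdev_in, count=20, interval_ms=100):
    """Send `count` constructed packets, one every `interval_ms`, through the chain."""
    rules, log = logdrop_chain(), []
    verdicts = [traverse(rules, {"physdev_in": physdev_in}, i * interval_ms, log)
                for i in range(count)]
    return verdicts, log

if __name__ == "__main__":
    for port in ("eth0", None):      # None: packet did not arrive via a bridge port
        verdicts, log = simulate(port)
        print(port, "logged:", len(log), "verdicts:", sorted(set(verdicts)))
```

In this model every packet arriving on eth0 or eth1 is dropped whether or not it was logged, while a packet that matches neither physdev rule leaves the chain with no verdict, so its fate is decided by the calling chain.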