[Bug 610] New: conntrack doesn't work
bugzilla-daemon at bugzilla.netfilter.org
Thu Sep 24 09:21:52 CEST 2009
http://bugzilla.netfilter.org/show_bug.cgi?id=610
Summary: conntrack doesn't work
Product: netfilter/iptables
Version: linux-2.6.x
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P1
Component: unknown
AssignedTo: laforge at netfilter.org
ReportedBy: urykhy at gmail.com
I need to limit the number of simultaneous connections to httpd:
on server:
iptables -A INPUT -p tcp -m connlimit --connlimit-above 5 --dport 80 -j DROP
(there is only one rule in the firewall)
on the client I run slowloris.
on the server under attack:
netstat -nta | grep :80 | grep ESTABLISHED | wc -l
180
as I understand from 'iptables -L -n -v', my rule never hits.
existing behavior:
on the server under attack, a lot of simultaneous connections from a single IP.
expected behavior:
the server should have only 5 connections.
Am I missing something?
PS:
Debian Linux 2.6.30-2, iptables 1.4.4-2
slowloris - http://ha.ckers.org/slowloris/
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
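As an added example (not part of the bug report or of the netfilter project), the POSIX shell script below does the check that the report's "netstat -nta | grep :80 | grep ESTABLISHED | wc -l" line does only in aggregate: it counts ESTABLISHED connections to a given local port per remote IP, so the per-source number a connlimit rule is meant to cap can be compared with what the host's socket table actually shows. The netstat output embedded in it is constructed sample data, not output from the reporter's host, and the function names established_per_ip and over_limit are my own.

```shell
#!/bin/sh
# Added example (not from the bug report): count ESTABLISHED connections to a
# local port per remote IP from netstat-style output, so a per-source limit
# such as "connlimit-above 5" can be checked against what the host really sees.

# Constructed sample of `netstat -nta` output (not captured from any real host).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:41234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:41235      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:41236      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:41237      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:41238      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:41239      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:50001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:50002       TIME_WAIT
tcp        0      0 192.0.2.10:22           203.0.113.5:50003       ESTABLISHED'

# established_per_ip PORT  (reads netstat output on stdin)
# Prints "IP COUNT", one line per remote IP holding ESTABLISHED connections
# to local PORT. The port is taken as the text after the last ':' so IPv6
# addresses with embedded colons are handled too.
established_per_ip() {
    port="$1"
    awk -v port="$port" '
        $1 == "tcp" && $6 == "ESTABLISHED" {
            n = split($4, local, ":")
            if (local[n] != port) next          # only the port we care about
            m = split($5, remote, ":")
            sub(":" remote[m] "$", "", $5)      # strip the remote port
            count[$5]++
        }
        END { for (ip in count) print ip, count[ip] }
    ' | sort
}

# over_limit PORT LIMIT  (reads netstat output on stdin)
# Prints only the remote IPs with more than LIMIT established connections,
# i.e. the sources a "--connlimit-above LIMIT" rule should have capped.
over_limit() {
    established_per_ip "$1" | awk -v limit="$2" '$2 > limit'
}

# Stand-alone run over the constructed sample. On a live host, pipe the real
# socket table through instead:   netstat -nta | over_limit 80 5
printf '%s\n' "$SAMPLE_NETSTAT" | over_limit 80 5
```

Against the sample this prints "198.51.100.7 6" and nothing for 203.0.113.5, which has one established connection to port 80 (the TIME_WAIT socket and the port 22 connection are not counted). Seeing a source above the limit here while the connlimit rule's packet counter in 'iptables -L -n -v' stays at zero is the direct way to confirm the mismatch the report describes, rather than relying on the port-wide total alone.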