[Bug 797] New: Match Order Matters When Using Hashlimit

bugzilla-daemon at bugzilla.netfilter.org
Thu Jul 12 22:22:40 CEST 2012


http://bugzilla.netfilter.org/show_bug.cgi?id=797

           Summary: Match Order Matters When Using Hashlimit
           Product: netfilter/iptables
           Version: unspecified
          Platform: x86_64
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ip_tables (kernel)
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: russ at eatnumber1.com
   Estimated Hours: 0.0


11:15  eatnumber1> with -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW
-m hashlimit --hashlimit-upto 3/hour --hashlimit-burst 5 --hashlimit-mode srcip
--hashlimit-name ssh --hashlimit-htable-expire 3600000
--hashlimit-htable-gcinterval 360000 -j ACCEPT, credit is not lost when
connecting to port 21 (which is blocked on my firewall)
11:16  eatnumber1> with -A INPUT -m hashlimit --hashlimit-upto 3/hour
--hashlimit-burst 5 --hashlimit-mode srcip --hashlimit-name ssh
--hashlimit-htable-expire 3600000 --hashlimit-htable-gcinterval 360000 -p tcp
-m tcp --dport 22 -m state --state NEW -j ACCEPT, credit IS lost
11:16  eatnumber1> that should be documented somewhere
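
The behaviour described in the two IRC lines, as an added model that is not part of the bug report or of iptables itself: a rule's matches are evaluated left to right and stop at the first failure, and the hashlimit match charges one token from the per-source bucket each time it is evaluated, so its position relative to `--dport 22` decides whether blocked port-21 connections eat SSH credit. The packet data and the source address are constructed; token refill is ignored because the window is far shorter than 3/hour.

```python
# Added illustration (not part of the bug report): a small model of how
# iptables evaluates a rule's matches left to right, stopping at the first
# one that fails. The hashlimit match is modelled as charging one token from
# the per-source bucket (--hashlimit-mode srcip) each time it is evaluated,
# which is what makes the match order matter. Packet data is constructed.

BURST = 5  # --hashlimit-burst 5; refill (3/hour) is ignored in this short window


def match_dport(port):
    """-m tcp --dport PORT"""
    return lambda pkt, bucket: pkt["dport"] == port


def match_state_new(pkt, bucket):
    """-m state --state NEW"""
    return pkt["state"] == "NEW"


def match_hashlimit(pkt, bucket):
    """-m hashlimit: consumes a token whenever evaluated; matches while credit remains."""
    left = bucket.get(pkt["src"], BURST)
    if left <= 0:
        return False
    bucket[pkt["src"]] = left - 1
    return True


def rule_accepts(matches, pkt, bucket):
    """A rule matches only if every match succeeds, evaluated in order (all() short-circuits)."""
    return all(m(pkt, bucket) for m in matches)


def run(matches, packets):
    """Apply one -j ACCEPT rule to a packet sequence.
    Returns (number of packets accepted, credit left per source)."""
    bucket = {}
    accepted = sum(1 for pkt in packets if rule_accepts(matches, pkt, bucket))
    return accepted, bucket


# Constructed traffic: five SYNs to port 21 (blocked elsewhere), then one SSH SYN.
PROBES = [{"src": "192.0.2.10", "dport": 21, "state": "NEW"}] * 5
SSH = [{"src": "192.0.2.10", "dport": 22, "state": "NEW"}]

# Order of the first rule in the report: port and state before hashlimit.
PORT_FIRST = [match_dport(22), match_state_new, match_hashlimit]
# Order of the second rule: hashlimit before port and state.
HASHLIMIT_FIRST = [match_hashlimit, match_dport(22), match_state_new]

if __name__ == "__main__":
    for name, order in (("port first", PORT_FIRST), ("hashlimit first", HASHLIMIT_FIRST)):
        accepted, credit = run(order, PROBES + SSH)
        print(f"{name}: ssh accepted={accepted}, credit left={credit}")
```

With the port match first, the port-21 probes never reach hashlimit and the SSH connection is accepted with four tokens to spare; with hashlimit first, the probes drain the bucket and the SSH connection no longer matches the rule.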
