[Bug 797] New: Match Order Matters When Using Hashlimit
bugzilla-daemon at bugzilla.netfilter.org
Thu Jul 12 22:22:40 CEST 2012
http://bugzilla.netfilter.org/show_bug.cgi?id=797
Summary: Match Order Matters When Using Hashlimit
Product: netfilter/iptables
Version: unspecified
Platform: x86_64
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: ip_tables (kernel)
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: russ at eatnumber1.com
Estimated Hours: 0.0
11:15 eatnumber1> with -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW
-m hashlimit --hashlimit-upto 3/hour --hashlimit-burst 5 --hashlimit-mode srcip
--hashlimit-name ssh --hashlimit-htable-expire 3600000
--hashlimit-htable-gcinterval 360000 -j ACCEPT, credit is not lost when
connecting to port 21 (which is blocked on my firewall)
11:16 eatnumber1> with -A INPUT -m hashlimit --hashlimit-upto 3/hour
--hashlimit-burst 5 --hashlimit-mode srcip --hashlimit-name ssh
--hashlimit-htable-expire 3600000 --hashlimit-htable-gcinterval 360000 -p tcp
-m tcp --dport 22 -m state --state NEW -j ACCEPT, credit IS lost
11:16 eatnumber1> that should be documented somewhere
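The ordering effect reported above can be reproduced with a small model. This is an added example, not part of the bug report and not netfilter code. It assumes the matches of a rule are evaluated left to right and evaluation stops at the first match that fails, it ignores credit refill (all packets arrive in one short window), and the source address and packet sequence are constructed.

```python
"""Model of in-order match evaluation for the two rules in this report."""
from dataclasses import dataclass, field


@dataclass
class HashLimit:
    """Per-source bucket standing in for -m hashlimit --hashlimit-mode srcip.
    Assumption: the 3/hour refill is not modelled, only --hashlimit-burst 5."""
    burst: int = 5
    credit: dict = field(default_factory=dict)

    def __call__(self, pkt):
        left = self.credit.get(pkt["src"], self.burst)
        if left == 0:
            return False                      # over the limit: match fails
        self.credit[pkt["src"]] = left - 1    # evaluating the match spends credit
        return True


def tcp_dport_22(pkt):
    return pkt["proto"] == "tcp" and pkt["dport"] == 22


def state_new(pkt):
    return pkt["state"] == "NEW"


def simulate(hashlimit_first, packets):
    """Return (per-packet 'rule matched' flags, credit left per source)."""
    limit = HashLimit()
    matches = [tcp_dport_22, state_new]
    matches = [limit] + matches if hashlimit_first else matches + [limit]
    # all() over a generator stops at the first failing match, so a hashlimit
    # placed last is never evaluated for packets that are not NEW tcp/22.
    hits = [all(m(pkt) for m in matches) for pkt in packets]
    sources = {p["src"] for p in packets}
    return hits, {s: limit.credit.get(s, limit.burst) for s in sources}


# Constructed traffic: five connection attempts to port 21, then one to port 22.
SRC = "192.0.2.10"
PACKETS = [{"src": SRC, "proto": "tcp", "dport": 21, "state": "NEW"}] * 5
PACKETS = PACKETS + [{"src": SRC, "proto": "tcp", "dport": 22, "state": "NEW"}]

if __name__ == "__main__":
    for first in (False, True):
        hits, credit = simulate(first, PACKETS)
        print("hashlimit first" if first else "hashlimit last ", hits, credit)
```

With hashlimit last, the port 21 attempts never reach the bucket and the SSH connection is accepted. With hashlimit first, the same attempts drain the bucket and the SSH connection no longer matches the ACCEPT rule.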