[Bug 676] connlimit doesn't work properly
bugzilla-daemon at netfilter.org
Thu Jun 6 18:09:22 CEST 2013
https://bugzilla.netfilter.org/show_bug.cgi?id=676
Phil Oester <netfilter at linuxace.com> changed:
What           | Removed | Added
---------------+---------+---------------------------
Status         | NEW     | RESOLVED
CC             |         | netfilter at linuxace.com
Resolution     |         | WORKSFORME
--- Comment #2 from Phil Oester <netfilter at linuxace.com> 2013-06-06 18:09:21 CEST ---
This works fine for me on recent kernels. Perhaps you misunderstand that
connlimit means you need SIMULTANEOUS connections opened? It does not track
CLOSED (historical) connections.
Example on 3.10 kernel:
# iptables -A INPUT -p tcp --syn --dport 25 -m connlimit --connlimit-above 2 -j REJECT
Connection #1:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.14.5/8.14.5; Thu, 6 Jun 2013 12:04:31 -0400
Connection #2:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.14.5/8.14.5; Thu, 6 Jun 2013 12:04:34 -0400
Connection #3:
# telnet localhost 25
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
Closing.
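The point of the comment above, modelled in code: an added example, not from the bug report or from the netfilter project, that simulates how the connlimit match counts only connections that are still open. The `ConnLimit` class and the two scenario functions are constructed for illustration; the source ports are made up.

```python
import ipaddress
from collections import defaultdict


class ConnLimit:
    """Toy model of 'iptables -m connlimit --connlimit-above N'.

    Tracks connections that are currently open, grouped by source prefix
    (--connlimit-mask, default /32).  A new SYN is rejected when the open
    connections from that prefix, counting the new one, exceed 'above'.
    Closed connections are forgotten, which is the behaviour Bug 676 asks about.
    """

    def __init__(self, above, mask=32):
        self.above = above
        self.mask = mask
        self.open = defaultdict(set)  # prefix -> {(src, sport), ...}

    def _key(self, src):
        return ipaddress.ip_network(f"{src}/{self.mask}", strict=False)

    def syn(self, src, sport):
        """Verdict for a new SYN from (src, sport); records it if accepted."""
        key = self._key(src)
        if len(self.open[key]) + 1 > self.above:
            return "REJECT"
        self.open[key].add((src, sport))
        return "ACCEPT"

    def close(self, src, sport):
        """Connection torn down: it no longer counts towards the limit."""
        self.open[self._key(src)].discard((src, sport))


def simultaneous():
    """Three telnet sessions held open at once, as in the comment: the third
    is refused.  Closing one session makes room for another."""
    rule = ConnLimit(above=2)
    verdicts = [rule.syn("127.0.0.1", port) for port in (40001, 40002, 40003)]
    rule.close("127.0.0.1", 40001)
    verdicts.append(rule.syn("127.0.0.1", 40004))
    return verdicts


def sequential():
    """Five connections opened and closed one after another: none is refused,
    because connlimit does not count historical (closed) connections."""
    rule = ConnLimit(above=2)
    verdicts = []
    for port in range(40001, 40006):
        verdicts.append(rule.syn("127.0.0.1", port))
        rule.close("127.0.0.1", port)
    return verdicts
```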