[Bug 820] New: Quotas not limiting the exact specified limit
bugzilla-daemon at netfilter.org
Tue May 14 09:12:55 CEST 2013
https://bugzilla.netfilter.org/show_bug.cgi?id=820
Summary: Quotas not limiting the exact specified limit
Product: netfilter/iptables
Version: linux-2.6.x
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: critical
Priority: P5
Component: unknown
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: fandaremail at gmail.com
Estimated Hours: 0.0
Hello,
I have a problem with the quota in iptables. I have rules like the ones below
for every IP, where quota is the specified limit in bytes. The problem
is that it doesn't stop when the exact limit is reached. For example,
when I set it to 1MB (quota=1048576), it blocks the IPs when it
reaches from 1.02 to 1.04MB instead of exactly 1MB. When I set the limit
to 10MB (quota=1073741824), it blocks the IP when it reaches 10.3
- 10.9 MB. Is there a way to limit it to the exact specified amount of
data?
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.2 -j MASQUERADE
/sbin/iptables -N table1
/sbin/iptables -A FORWARD -j table1 -d 192.168.0.2
/sbin/iptables -A FORWARD -j table1 -s 192.168.0.2
/sbin/iptables -A table1 -m quota --quota $quota -j ACCEPT
/sbin/iptables -A table1 -j REJECT
I am using iptables v1.4.8 and kernel 2.6.32-5-amd64
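An added example, not part of the original report: one way to check what the quota rule itself accounted is to read the chain's exact byte counters (`iptables -nvxL table1`) and compare the ACCEPT rule's counter with the configured limit. Note that both FORWARD rules above jump to table1, so the counter covers traffic to and from 192.168.0.2. The function names and the listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -nvxL table1` output (-x prints exact byte
# counts instead of rounded K/M values). On a live system, pipe the real
# command into quota_report instead of this function.
sample_listing() {
cat <<'EOF'
Chain table1 (2 references)
    pkts      bytes target     prot opt in     out     source               destination
     912  1048012 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            quota: 1048576 bytes
      37     2220 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
EOF
}

# quota_report LIMIT
# Reads an `iptables -nvxL <chain>` listing on stdin. For every rule that
# carries a quota match it prints:
#   <target> counted=<bytes> quota=<LIMIT> diff=<counted - LIMIT>
# The limit is passed as an argument; the figure printed after "quota:" in
# the listing is not used.
quota_report() {
    awk -v limit="$1" '
        # Rule lines begin with two numeric columns: pkts and bytes.
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
            for (i = 4; i <= NF; i++) {
                if ($i == "quota:") {
                    printf "%s counted=%s quota=%s diff=%.0f\n", \
                           $3, $2, limit, $2 - limit
                    next
                }
            }
        }
    '
}

# Stand-alone run against the constructed sample.
sample_listing | quota_report 1048576
```

On a real host the call would be `iptables -nvxL table1 | quota_report "$quota"`, run once the REJECT rule's counter starts to increase.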