[Bug 857] New: ConnLimit unable to work properly

bugzilla-daemon at netfilter.org
Wed Oct 9 11:12:06 CEST 2013


https://bugzilla.netfilter.org/show_bug.cgi?id=857

           Summary: ConnLimit unable to work properly
           Product: iptables
           Version: 1.4.x
          Platform: All
        OS/Version: RedHat Linux
            Status: NEW
          Severity: critical
          Priority: P5
         Component: iptables
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: priyaja at cisco.com
   Estimated Hours: 0.0


Hi,

I have used connLimit to limit the number of connections on a specific port, but it
is unable to limit the number of connections. I have run 2 scenarios and in both,
connLimit works differently:

Case 1:
Set the connLimit value to 20000 and run the TCP flood at a slow rate (say 100
packets/sec). In this case connLimit works properly and stops creating
connections beyond 20000.

Case 2:
Set the connLimit value to 20000 and run the TCP flood at a high rate (say 400
packets/sec). In this case connLimit doesn't work and is unable to stop the number of
connections from crossing the limit.

As per my understanding, iptables rules are used to prevent DoS attacks, so the rules
should work irrespective of the number of packets sent or the connLimit value.

Using iptables version: v1.4.7
OS used: Red Hat Enterprise Linux Server release 6.2

Please let me know if I have missed some configuration, or if it is a known bug.

Thanks & Regards,
Priya Jain
