[Bug 857] New: ConnLimit unable to work properly
bugzilla-daemon at netfilter.org
Wed Oct 9 11:12:06 CEST 2013
https://bugzilla.netfilter.org/show_bug.cgi?id=857
Summary: ConnLimit unable to work properly
Product: iptables
Version: 1.4.x
Platform: All
OS/Version: RedHat Linux
Status: NEW
Severity: critical
Priority: P5
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: priyaja at cisco.com
Estimated Hours: 0.0
Hi,
I have used connLimit to limit the no. of connections on a specific port, but it
is unable to limit the number of connections. I have run 2 scenarios and in both,
connLimit works differently:
Case 1:
Set the connLimit value to 20000, run the tcp flood at a slow rate (say 100
packets/sec). In this case connLimit works properly and stops creating
connections beyond 20000.
Case 2:
Set the connLimit value to 20000, run the tcp flood at a high rate (say 400
packets/sec). In this case connLimit doesn't work and is unable to stop the number of
connections when it crosses the limit.
As per my understanding, iptables rules are used to prevent DoS attacks, so rules
should work irrespective of the no. of packets sent or the connLimit value.
Using iptables version: v1.4.7
OS used: Red Hat Enterprise Linux Server release 6.2
Please let me know if I have missed some configuration, or if it is a known bug.
Thanks & Regards,
Priya Jain
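The report does not show the rule that was used, so the following is an added example (not the reporter's configuration and not part of the netfilter project) of how a connlimit rule for a port is usually written and checked on iptables 1.4.x. It assumes only the `--connlimit-above` and `--connlimit-mask` options, both of which exist in 1.4.7; the function names and the `iptables-save` sample are constructed for this example. Two points matter when reproducing a test like the one above: connlimit counts existing connections per source prefix (default mask 32, i.e. per client address), so a limit of 20000 is only a global cap when `--connlimit-mask 0` is given; and it counts conntrack entries, so `nf_conntrack_max` has to be larger than the limit or conntrack, not connlimit, is what starts dropping.

```shell
#!/bin/sh
# Added example, not from the bug report: build, verify and (optionally) apply
# a connlimit rule for one TCP port. Assumes iptables 1.4.x option names.

# connlimit_rule PORT LIMIT [MASK] -> prints the rule specification.
# --syn: only connection attempts are evaluated, not every packet of a flow.
# MASK 32 (default) caps connections per client address; MASK 0 caps all
# sources together, which is what a "20000 connections to this port" test needs.
connlimit_rule() {
    port=$1; limit=$2; mask=${3:-32}
    printf '%s\n' "-p tcp --syn --dport $port -m connlimit --connlimit-above $limit --connlimit-mask $mask -j DROP"
}

# rule_present DUMP PORT LIMIT [MASK] -> exit 0 if an iptables-save dump already
# contains a matching INPUT rule. iptables-save rewrites --syn as
# --tcp-flags FIN,SYN,RST,ACK SYN, so match on the port and connlimit tokens
# rather than on the exact spec string.
rule_present() {
    dump=$1; port=$2; limit=$3; mask=${4:-32}
    printf '%s\n' "$dump" \
        | grep -F -- "-A INPUT " \
        | grep -F -- "--dport $port " \
        | grep -qF -- "-m connlimit --connlimit-above $limit --connlimit-mask $mask"
}

# conntrack_headroom LIMIT MAX -> exit 0 if the conntrack table can hold more
# entries than the limit; otherwise the table fills before connlimit triggers.
conntrack_headroom() {
    limit=$1; max=$2
    [ "$max" -gt "$limit" ]
}

# apply_rule PORT LIMIT [MASK] -> inserts the rule once (idempotent).
# Needs root and a kernel with xt_connlimit; never run by the offline checks.
apply_rule() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_rule: must run as root" >&2
        return 1
    fi
    if [ -r /proc/sys/net/netfilter/nf_conntrack_max ]; then
        ct_max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
        conntrack_headroom "$2" "$ct_max" \
            || echo "warning: nf_conntrack_max=$ct_max is not above limit $2" >&2
    fi
    current=$(iptables-save 2>/dev/null) || return 1
    if rule_present "$current" "$@"; then
        echo "rule already present"
        return 0
    fi
    eval "iptables -I INPUT $(connlimit_rule "$@")"
}

# Constructed iptables-save output (the form iptables-save would print for the
# global-cap rule on port 80), used only to exercise rule_present offline.
SAMPLE_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 20000 --connlimit-mask 0 -j DROP
COMMIT'

# Usage: apply_rule 80 20000 0    (global cap of 20000 on port 80, as root)
```

Run `apply_rule` as root to install the rule; the offline helpers (`connlimit_rule`, `rule_present`, `conntrack_headroom`) can be sourced and called without privileges to confirm what will be inserted and whether it is already there.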