bugzilla-daemon at bugzilla.netfilter.org
2012-Jul-12  20:22 UTC
[Bug 797] New: Match Order Matters When Using Hashlimit
http://bugzilla.netfilter.org/show_bug.cgi?id=797
           Summary: Match Order Matters When Using Hashlimit
           Product: netfilter/iptables
           Version: unspecified
          Platform: x86_64
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ip_tables (kernel)
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: russ at eatnumber1.com
   Estimated Hours: 0.0
11:15  eatnumber1> with -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m hashlimit --hashlimit-upto 3/hour --hashlimit-burst 5 --hashlimit-mode srcip --hashlimit-name ssh --hashlimit-htable-expire 3600000 --hashlimit-htable-gcinterval 360000 -j ACCEPT, credit is not lost when connecting to port 21 (which is blocked on my firewall)
11:16  eatnumber1> with -A INPUT -m hashlimit --hashlimit-upto 3/hour --hashlimit-burst 5 --hashlimit-mode srcip --hashlimit-name ssh --hashlimit-htable-expire 3600000 --hashlimit-htable-gcinterval 360000 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT, credit IS lost
11:16  eatnumber1> that should be documented somewhere
-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2012-Dec-06  18:08 UTC
[Bug 797] Match Order Matters When Using Hashlimit
http://bugzilla.netfilter.org/show_bug.cgi?id=797
Jozsef Kadlecsik <kadlec at netfilter.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |kadlec at netfilter.org
         Resolution|                            |FIXED
--- Comment #1 from Jozsef Kadlecsik <kadlec at netfilter.org> 2012-12-06 19:08:35 CET ---
Manpage is updated in the iptables git tree: extension matches are evaluated in
the order they are specified.
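Added example (not part of the original bug report or the iptables source): a simplified Python model of the two rule orders reported above, showing why a hashlimit match placed first spends a source's credit on packets that the rest of the rule then rejects. The HashLimit class, the accepted_ssh helper and the sample traffic are constructed for illustration, and the bucket arithmetic is an assumption, not the kernel's code.

```python
# Simplified model: a rule is an ordered list of matches, evaluated
# left to right and abandoned at the first match that fails.
from collections import defaultdict

class HashLimit:
    """Per-source token bucket standing in for -m hashlimit --hashlimit-mode srcip.
    Assumption: one token is spent each time the match is evaluated and passes."""
    def __init__(self, per_hour, burst):
        self.rate = per_hour / 3600.0            # tokens regained per second
        self.burst = burst
        self.tokens = defaultdict(lambda: float(burst))
        self.seen = {}                           # srcip -> time of last evaluation

    def __call__(self, pkt):
        src, now = pkt["src"], pkt["time"]
        elapsed = now - self.seen.get(src, now)
        self.seen[src] = now
        self.tokens[src] = min(self.burst, self.tokens[src] + elapsed * self.rate)
        if self.tokens[src] >= 1:
            self.tokens[src] -= 1                # credit is charged here
            return True
        return False

def dport22(pkt):
    return pkt["dport"] == 22

def state_new(pkt):
    return pkt["state"] == "NEW"

def rule_matches(matches, pkt):
    # all() short-circuits, so later matches never run after a failure
    return all(m(pkt) for m in matches)

def accepted_ssh(order):
    """Send 5 new connections to port 21, then 5 to port 22, from one source;
    return how many of the port 22 connections the rule accepts."""
    limit = HashLimit(per_hour=3, burst=5)
    named = {"dport": dport22, "state": state_new, "hashlimit": limit}
    matches = [named[n] for n in order]
    # Constructed sample traffic, one packet per second
    pkts = [{"src": "192.0.2.10", "dport": p, "state": "NEW", "time": t}
            for t, p in enumerate([21] * 5 + [22] * 5)]
    results = [(p["dport"], rule_matches(matches, p)) for p in pkts]
    return sum(ok for dport, ok in results if dport == 22)

if __name__ == "__main__":
    print("hashlimit last: ", accepted_ssh(["dport", "state", "hashlimit"]))
    print("hashlimit first:", accepted_ssh(["hashlimit", "dport", "state"]))
```

With hashlimit last, the port 21 packets fail the --dport match before the bucket is touched; with hashlimit first, they drain the burst and the later port 22 connections find no credit.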