On 2/9/2014 2:22 PM, Andrew wrote:
> Dear Tom,
> Sorry to bother You, I am new to this list and I have the feeling that
> my very first message sent to shorewall-users@lists.sourceforge.net in
> both plain & html format bounces back unread. I get:
> - Results:
> Ignoring non-text/plain MIME parts
> - Unprocessed:
> - - - - - - - - - -
>
> If the message has been received and repeated, please ignore this
> repetition.
> Andrew
>
>
>
>
> Hi!
>
> I have been using Shorewall for several years and it has been working
> without a glitch.
>
> Last week I tried to introduce RateLimit, Shorewall starts and everything
> seems working fine, but when I test with ping, the RateLimit seems not
> limiting anything. I have this in rules:
>
> ACCEPT net $FW icmp - - - s:icmp:5/min:5
>
> and I ping intensely the WAN interface from several other machines - ping
> response goes on and on. I expected it to stop after 5 consecutive
> pings. Changed RateLimit field to s:icmp:1/min:1 with no result.
>
> Same effect is observed on Fedora17 32 bit with Shorewall 4.5.7, then
> updated to 4.5.15 and on Fedora19 64 bit box with Shorewall 4.5.15, all
> installed from Fedora RPMs.
>
> I have read in the mailing list an old post explaining that browser does
> not break http connection and quickly pressing F5 does not actually create
> new connections and therefore RateLimit is not applied. Does the same refer
> to ping command and icmp protocol? How to test if RateLimit is operational?
>
> Attached is a compressed dump from F17 box. Thanks in advance!
>
> One more question: On F19 box some capabilities are not available: ACCOUNT
> Target, IMQ Target, IPMARK Target, IPP2P Match. First is said to be
> needed. Any idea which rpm contains these capabilities?

If you want to limit total echo-requests, you need to put your rule in
the ALL section of the rules file rather than in the NEW section.

-Tom

PS -- I have no idea how F19 is packaged. But I assume that there is an
xtables-addons package of some sort.
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
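
Why the rule in the NEW section never throttles a running ping, shown as an added example that is not part of the original messages or of Shorewall's code: a simplified model in which conntrack keys an ICMP echo flow on source address and ICMP id, only the first request of a flow is NEW, and `s:icmp:5/min:5` is a per-source token bucket. The function names, addresses and packet trace are constructed; the fate of packets the rule does not match depends on later rules and the policy and is not modelled.

```python
ICMP_CT_TIMEOUT = 30  # seconds; netfilter's default conntrack timeout for ICMP

def simulate(packets, section, rate_per_min=5, burst=5):
    """Count how a rate-limited ACCEPT treats echo-requests (simplified model).

    packets: iterable of (second, src_ip, icmp_id), sorted by time.
    section: "NEW" or "ALL", the rules-file section that holds the rule.
    Returns counts of packets matched by the rule, packets that bypassed it
    as ESTABLISHED, and packets the rule saw but did not match.
    """
    cost = 60 // rate_per_min   # seconds of credit one packet costs
    cap = burst * cost          # a full bucket pays for `burst` packets
    buckets = {}                # src_ip -> (credit, last_update): the "s:" part
    flows = {}                  # (src_ip, icmp_id) -> last time seen (conntrack)
    out = {"matched": 0, "bypassed": 0, "unmatched": 0}
    for t, src, icmp_id in packets:
        key = (src, icmp_id)
        if section == "NEW" and key in flows and t - flows[key] <= ICMP_CT_TIMEOUT:
            # ESTABLISHED flow: accepted on connection state, so the
            # NEW-section rule (and its rate limit) is never consulted.
            flows[key] = t
            out["bypassed"] += 1
            continue
        credit, last = buckets.get(src, (cap, t))
        credit = min(cap, credit + (t - last))  # refill 1 credit per second
        if credit >= cost:
            credit -= cost
            flows[key] = t  # accepted and answered: conntrack now knows the flow
            out["matched"] += 1
        else:
            out["unmatched"] += 1  # continues to later rules or the policy
        buckets[src] = (credit, t)
    return out

def constructed_ping_flood(sources=3, seconds=60):
    """Constructed input: each source runs one ping process at 1 packet/s."""
    return sorted((t, f"198.51.100.{i}", 1000 + i)
                  for i in range(1, sources + 1) for t in range(seconds))

if __name__ == "__main__":
    for section in ("NEW", "ALL"):
        print(section, simulate(constructed_ping_flood(), section))
```

In the NEW case the bucket is charged once per ping process, so a burst of 5 is never reached; in the ALL case every echo-request is charged against it.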