bugzilla-daemon at netfilter.org
2013-Jun-06 16:09 UTC
[Bug 676] connlimit doesn't work properly
https://bugzilla.netfilter.org/show_bug.cgi?id=676
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |netfilter at linuxace.com
Resolution| |WORKSFORME
--- Comment #2 from Phil Oester <netfilter at linuxace.com> 2013-06-06
18:09:21 CEST ---
This works fine for me on recent kernels. Perhaps you misunderstand that
connlimit means you need SIMULTANEOUS connections opened? It does not track
CLOSED (historical) connections.
Example on 3.10 kernel:
# iptables -A INPUT -p tcp --syn --dport 25 -m connlimit --connlimit-above 2
-j REJECT
Connection #1:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.14.5/8.14.5; Thu, 6 Jun 2013
12:04:31 -0400
Connection #2:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.14.5/8.14.5; Thu, 6 Jun 2013
12:04:34 -0400
Connection #3:
# telnet localhost 25
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
Closing.
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
Seemingly Similar Threads
- [Bug 857] New: ConnLimit unable to work properly
- [Bug 589] MARK doesn't work properly with incoming traffic
- [Bug 599] netfilter/iptables leaking traffic when long chains are defined
- [Bug 627] NATed TCP-connections fail arbitrarily
- [Bug 752] ipq_read() will return an error (rc = -1) and the error message says "Received truncated message"
Wisdom of the Ancients
