bugzilla-daemon at netfilter.org
2013-Jun-06 16:09 UTC
[Bug 676] connlimit doesn't work properly
https://bugzilla.netfilter.org/show_bug.cgi?id=676

Phil Oester <netfilter at linuxace.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |netfilter at linuxace.com
         Resolution|                            |WORKSFORME

--- Comment #2 from Phil Oester <netfilter at linuxace.com> 2013-06-06 18:09:21 CEST ---
This works fine for me on recent kernels. Perhaps you misunderstand that
connlimit means you need SIMULTANEOUS connections opened? It does not track
CLOSED (historical) connections.

Example on 3.10 kernel:

# iptables -A INPUT -p tcp --syn --dport 25 -m connlimit --connlimit-above 2 -j REJECT

Connection #1:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.14.5/8.14.5; Thu, 6 Jun 2013 12:04:31 -0400

Connection #2:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.14.5/8.14.5; Thu, 6 Jun 2013 12:04:34 -0400

Connection #3:
# telnet localhost 25
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
Closing.

-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
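To make the point of the comment concrete, here is an added model of how connlimit counts connections (an illustration written for this page, not netfilter's xt_connlimit code): only currently open connections from the same masked source count, a closed connection drops out immediately, and the new connection itself is included in the count, which is why --connlimit-above 2 rejects the third simultaneous telnet. The connection ids and the /24 addresses are constructed; --connlimit-mask grouping is shown as well since it is part of the same accounting.

```python
"""Model of iptables connlimit accounting (added illustration, not netfilter code).

connlimit counts connections that are currently OPEN from the same source
group (source address reduced by --connlimit-mask); a closed connection no
longer counts. As in xt_connlimit, the new connection is included in the
count, so --connlimit-above N rejects the (N+1)th simultaneous connection.
"""
import ipaddress


class ConnLimit:
    def __init__(self, above: int, mask: int = 32):
        self.above = above   # --connlimit-above N
        self.mask = mask     # --connlimit-mask bits; 32 = count per source host
        self.open = {}       # source group -> set of open connection ids

    def group(self, src: str) -> str:
        """Source address reduced to its --connlimit-mask prefix."""
        return str(ipaddress.ip_network(f"{src}/{self.mask}", strict=False))

    def syn(self, src: str, conn_id: str) -> bool:
        """Handle a new SYN; return True if accepted, False if it would be REJECTed."""
        conns = self.open.setdefault(self.group(src), set())
        if len(conns) + 1 > self.above:      # existing open ones plus this one exceed N
            return False
        conns.add(conn_id)
        return True

    def close(self, src: str, conn_id: str) -> None:
        """Connection closed: it no longer counts toward the limit."""
        self.open.get(self.group(src), set()).discard(conn_id)


def replay_report_scenario():
    """Three telnet sessions to port 25 under --connlimit-above 2 (constructed ids)."""
    cl = ConnLimit(above=2)
    results = [cl.syn("127.0.0.1", f"telnet{i}") for i in (1, 2, 3)]
    cl.close("127.0.0.1", "telnet1")          # a closed session frees a slot
    results.append(cl.syn("127.0.0.1", "telnet4"))
    return results                            # [True, True, False, True]


def replay_masked_scenario():
    """--connlimit-above 1 --connlimit-mask 24: hosts in one /24 share the limit."""
    cl = ConnLimit(above=1, mask=24)
    return [cl.syn("198.51.100.10", "a"), cl.syn("198.51.100.20", "b"),
            cl.syn("203.0.113.5", "c")]       # [True, False, True]
```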