bugzilla-daemon at netfilter.org
2013-Oct-09 09:12 UTC
[Bug 857] New: ConnLimit unable to work properly
https://bugzilla.netfilter.org/show_bug.cgi?id=857 Summary: ConnLimit unable to work properly Product: iptables Version: 1.4.x Platform: All OS/Version: RedHat Linux Status: NEW Severity: critical Priority: P5 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: priyaja at cisco.com Estimated Hours: 0.0 Hi, I have used connLimit to limit the no. of connections on specific port, but it unable to limit number of connections. It have run 2 scenarios and in both, connLimit works different: Case 1: Set the connLimit value to 20000, run the tcp flood at slow rate(say 100 packets/sec). In this case connLimit work properly and stop creating connections more than 20000. Case 2: Set the connLimit value to 20000, run the tcp flood at high rate(say 400 packets/sec). In this case connLimit doesn't work and unable to stop number of connections when cross the limit. As per my understanding, iptables rule are used to prevent DoS attack, so rules should be work irrespective of no. of packets sent or connLimit value. Using iptables version: v1.4.7 OS used: Red Hat Enterprise Linux Server release 6.2 Please let me know, if I have miss some configuration, or it is know bug. Thanks & Regards, Priya Jain -- Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
bugzilla-daemon at netfilter.org
2013-Oct-13 15:04 UTC
[Bug 857] ConnLimit unable to work properly
https://bugzilla.netfilter.org/show_bug.cgi?id=857 Phil Oester <netfilter at linuxace.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |netfilter at linuxace.com --- Comment #1 from Phil Oester <netfilter at linuxace.com> 2013-10-13 17:04:35 CEST --- What kernel version? Have you tested with a recent kernel.org kernel? Also - what does your ruleset look like? -- Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
bugzilla-daemon at netfilter.org
2013-Oct-21 20:53 UTC
[Bug 857] ConnLimit unable to work properly
https://bugzilla.netfilter.org/show_bug.cgi?id=857 --- Comment #2 from Phil Oester <netfilter at linuxace.com> 2013-10-21 22:53:42 CEST --- Priyaja: please respond to follow up questions. -- Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
bugzilla-daemon at netfilter.org
2013-Nov-30 22:06 UTC
[Bug 857] ConnLimit unable to work properly
https://bugzilla.netfilter.org/show_bug.cgi?id=857 Phil Oester <netfilter at linuxace.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WORKSFORME --- Comment #3 from Phil Oester <netfilter at linuxace.com> 2013-11-30 23:06:49 CET --- Giving up on receiving an answer to multiple requests for additional information. Closing. -- Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
Seemingly Similar Threads
- [Bug 676] connlimit doesn't work properly
- [Bug 515] connlimit filter doesn't work in 1.3.5 version of iptables
- [Bug 849] New: 172.245.13.X doesn't appear properly in output of iptables -L
- [Bug 823] New: IPv6 NAT memory leaking
- [Bug 877] New: nftables - Set - define core dumps