bugzilla-daemon at netfilter.org
2017-Dec-27  10:40 UTC
[Bug 1207] New: connlimit rule fires too often
https://bugzilla.netfilter.org/show_bug.cgi?id=1207
            Bug ID: 1207
           Summary: connlimit rule fires too often
           Product: netfilter/iptables
           Version: unspecified
          Hardware: x86_64
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ip_tables (kernel)
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: toralf.foerster at gmx.de
I use the following rule to be informed if the number of new outgoing
connections from my server at port $p is higher than a given threshold $n:

      $IPT -A OUTPUT -p tcp --destination-port $p --syn \
          --match connlimit --connlimit-above $n --connlimit-mask 0 --connlimit-daddr \
          --match limit --limit 1/second --limit-burst 1 \
          -j LOG --log-prefix "limit $n at $p reached "

After a few hours this rule fires too often (every few seconds). A restart of the
iptables init.d script solved the issue immediately, and the rule again fires
only rarely, as expected.
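To tell whether the match is really seeing a rising number of connections, it helps to compare its verdicts with what the conntrack table holds at the moment the LOG line appears. The following is an added example, not from the bug report or the netfilter code base: it parses /proc/net/nf_conntrack lines (a constructed sample is embedded) and counts live outgoing TCP connections to a port, grouped the way --connlimit-daddr with --connlimit-mask groups addresses. Treating TIME_WAIT and CLOSE entries as already closed is this example's own assumption.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of /proc/net/nf_conntrack lines (not taken from the bug report).
SAMPLE_CONNTRACK = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=93.184.216.34 sport=44312 dport=443 src=93.184.216.34 dst=10.0.0.5 sport=443 dport=44312 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 118 SYN_SENT src=10.0.0.5 dst=198.51.100.7 sport=44313 dport=443 [UNREPLIED] src=198.51.100.7 dst=10.0.0.5 sport=443 dport=44313 mark=0 use=2
ipv4     2 tcp      6 119 TIME_WAIT src=10.0.0.5 dst=93.184.216.34 sport=44310 dport=443 src=93.184.216.34 dst=10.0.0.5 sport=443 dport=44310 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=203.0.113.9 sport=44314 dport=443 src=203.0.113.9 dst=10.0.0.5 sport=443 dport=44314 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=203.0.113.9 sport=50000 dport=25 src=203.0.113.9 dst=10.0.0.5 sport=25 dport=50000 [ASSURED] mark=0 use=2
ipv4     2 udp      17 29 src=10.0.0.5 dst=192.0.2.53 sport=40000 dport=53 src=192.0.2.53 dst=10.0.0.5 sport=53 dport=40000 mark=0 use=1
"""

# Assumption of this example: entries in these TCP states count as already closed.
CLOSED_STATES = {"TIME_WAIT", "CLOSE"}
ORIG_DIR = re.compile(r"src=(\S+) dst=(\S+) sport=\d+ dport=(\d+)")

def parse_entry(line):
    """Original-direction tuple of one TCP conntrack line, or None for other lines."""
    fields = line.split()
    if len(fields) < 6 or fields[2] != "tcp":
        return None
    m = ORIG_DIR.search(line)  # the first src=/dst= pair is the original direction
    if not m:
        return None
    return {"state": fields[5], "src": m.group(1),
            "dst": m.group(2), "dport": int(m.group(3))}

def count_like_connlimit(text, src_host, port, mask_bits=0, use_daddr=True):
    """Live TCP connections from src_host to port, grouped by masked peer address
    as --connlimit-daddr --connlimit-mask N groups them (mask 0 = one bucket)."""
    buckets = Counter()
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None or e["src"] != src_host or e["dport"] != port:
            continue
        if e["state"] in CLOSED_STATES:
            continue
        key = e["dst"] if use_daddr else e["src"]
        net = ipaddress.ip_network(f"{key}/{mask_bits}", strict=False)
        buckets[str(net)] += 1
    return dict(buckets)

def over_threshold(buckets, n):
    """Buckets that satisfy --connlimit-above n, i.e. whose count exceeds n."""
    return sorted(b for b, c in buckets.items() if c > n)
```

If this count stays at or below $n on the live table while the LOG rule keeps firing, the discrepancy lies in the match's own bookkeeping rather than in the number of open connections, which is the evidence a report like this one needs.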