bugzilla-daemon at netfilter.org
2017-Dec-27 10:40 UTC
[Bug 1207] New: connlimit rule fires too often
https://bugzilla.netfilter.org/show_bug.cgi?id=1207

            Bug ID: 1207
           Summary: connlimit rule fires too often
           Product: netfilter/iptables
           Version: unspecified
          Hardware: x86_64
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ip_tables (kernel)
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: toralf.foerster at gmx.de

I use the following rule to get informed when the number of new outgoing connections from my server at port $p is higher than a given threshold $n:

$IPT -A OUTPUT -p tcp --destination-port $p --syn --match connlimit --connlimit-above $n --connlimit-mask 0 --connlimit-daddr --match limit --limit 1/second --limit-burst 1 -j LOG --log-prefix "limit $n at $p reached "

After a few hours this rule fires too often (every few seconds). A restart of the iptables init.d script solved the issue immediately and the rule again fires only rarely, as expected.
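The rule in the report combines two matches whose semantics are easy to misread: `--connlimit-daddr --connlimit-mask 0` groups connections by destination address masked to /0, so every destination falls into one group and the count is simply "all tracked connections to port $p", while `-m limit --limit 1/second --limit-burst 1` caps how often a matching SYN actually reaches LOG. The model below is an added example written for this page, not code from the reporter or from the netfilter project. It reproduces the connlimit group-key derivation (mask applied to source or destination address), counts constructed conntrack-style entries per group, and approximates the limit match with a token bucket. The sample connections and the rule that TIME_WAIT/CLOSE entries are not counted are assumptions of the example; the real kernel code (xt_connlimit / nf_conncount) should be consulted for the exact liveness rules on a given kernel version.

```python
import ipaddress
from collections import Counter

# Constructed sample of conntrack-style entries: (src, dst, dst_port, tcp_state).
# Made up for this example; on a real host the input would come from
# `conntrack -L` or `ss -tn`.
SAMPLE_CONNECTIONS = [
    ("10.0.0.5", "203.0.113.10", 25, "ESTABLISHED"),
    ("10.0.0.5", "203.0.113.11", 25, "ESTABLISHED"),
    ("10.0.0.5", "203.0.113.12", 25, "ESTABLISHED"),
    ("10.0.0.5", "203.0.113.12", 25, "ESTABLISHED"),
    ("10.0.0.5", "198.51.100.7", 25, "TIME_WAIT"),   # assumed not counted
    ("10.0.0.5", "203.0.113.10", 443, "ESTABLISHED"),  # other port, ignored
]

# Assumption of this model: connections in these states are treated as
# already closed and are not counted towards the connlimit threshold.
CLOSED_STATES = {"TIME_WAIT", "CLOSE"}


def connlimit_key(src, dst, mask_bits, use_daddr):
    """Group key as derived by the connlimit match.

    --connlimit-daddr selects the destination address (default is source);
    --connlimit-mask N keeps the first N bits, so mask 0 collapses every
    address into the single group 0.0.0.0/0.
    """
    addr = dst if use_daddr else src
    return str(ipaddress.ip_network((addr, mask_bits), strict=False))


def count_connections(conns, port, mask_bits, use_daddr):
    """Number of live tracked connections per connlimit group for one port."""
    counts = Counter()
    for src, dst, dport, state in conns:
        if dport != port or state in CLOSED_STATES:
            continue
        counts[connlimit_key(src, dst, mask_bits, use_daddr)] += 1
    return dict(counts)


def above_threshold(conns, port, n, mask_bits=0, use_daddr=True):
    """Groups for which `--connlimit-above n` would match (count > n)."""
    counts = count_connections(conns, port, mask_bits, use_daddr)
    return {key: c for key, c in counts.items() if c > n}


class RateLimit:
    """Token bucket approximating `-m limit --limit R/second --limit-burst B`.

    The bucket starts full (B tokens), refills at R tokens per second and
    each matching packet consumes one token; a packet with no token
    available does not match and therefore never reaches the LOG target.
    """

    def __init__(self, rate_per_sec, burst):
        self.rate = float(rate_per_sec)
        self.burst = float(burst)
        self.tokens = self.burst
        self.last = 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def log_times(conns, port, n, syn_times, rate=1.0, burst=1):
    """Timestamps at which the report's rule would emit a LOG line.

    Every outgoing SYN to `port` is checked against connlimit (mask 0,
    daddr) and, only if that matches, against the limit bucket.
    """
    bucket = RateLimit(rate, burst)
    logged = []
    for t in syn_times:
        if above_threshold(conns, port, n) and bucket.allow(t):
            logged.append(t)
    return logged


if __name__ == "__main__":
    print("mask 0, daddr:", count_connections(SAMPLE_CONNECTIONS, 25, 0, True))
    print("mask 32, daddr:", count_connections(SAMPLE_CONNECTIONS, 25, 32, True))
    print("above 3:", above_threshold(SAMPLE_CONNECTIONS, 25, 3))
    print("logged at:", log_times(SAMPLE_CONNECTIONS, 25, 3, [0.0, 0.5, 1.0, 1.2, 3.0]))
```

With the sample data the mask-0 group holds four live connections to port 25, so `--connlimit-above 3` matches but `--connlimit-above 4` does not, and the limit bucket lets through at most one LOG per second even when every SYN matches. When the rule in the report starts firing every few seconds, the useful sanity check is to compare the kernel's count with an independent view at that moment, for example `ss -tn state established '( dport = :25 )'` on the host, to see whether the number of established connections really is above $n.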