bugzilla-daemon at netfilter.org
2018-Jul-02 12:03 UTC
[Bug 1267] New: unable to use limit with counter in meters
https://bugzilla.netfilter.org/show_bug.cgi?id=1267
Bug ID: 1267
Summary: unable to use limit with counter in meters
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Gentoo
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: karel at unitednetworks.cz
It looks like nft doesnt allow counter after limit inside of meter.
counter after limit:
--------------------
localhost ~ # nft add rule filter INPUT icmp type echo-request meter
icmp-spammer { ip saddr limit rate over 10/second burst 30 packets counter}
counter drop
Error: syntax error, unexpected counter, expecting '}'
add rule filter INPUT icmp type echo-request meter icmp-spammer { ip saddr
limit rate over 10/second burst 30 packets counter} counter drop
counter before limit (just for test):
-------------------------------------
localhost ~ # nft add rule
filter INPUT icmp type echo-request meter icmp-spammer { ip saddr counter limit
rate over 10/second burst 30 packets} counter drop
Error: syntax error, unexpected limit, expecting '}'
add rule filter INPUT icmp type echo-request meter icmp-spammer { ip saddr
counter limit rate over 10/second burst 30 packets} counter drop
without counter adding rule works:
----------------------------------
localhost ~ # nft add rule filter INPUT icmp type echo-request meter
icmp-spammer { ip saddr limit rate over 10/second burst 30 packets} counter
drop
Without limit counter in meter works, e.g.:
-------------------------------------------
localhost ~ # nft add rule filter INPUT icmp type echo-request meter icmp-meter
{ ip saddr counter }
Expected behaviour: counter after limit inside meter should count packets/bytes
which got through limit (which are under limit, or when using "over"
keyword
which are over limit).
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180702/93ce52ce/attachment.html>
bugzilla-daemon at netfilter.org
2019-Dec-08 02:44 UTC
[Bug 1267] unable to use limit with counter in meters
https://bugzilla.netfilter.org/show_bug.cgi?id=1267
kfm at plushkava.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kfm at plushkava.net
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191208/12f7c389/attachment.html>
bugzilla-daemon at netfilter.org
2020-Aug-29 00:23 UTC
[Bug 1267] unable to use limit with counter in meters
https://bugzilla.netfilter.org/show_bug.cgi?id=1267
kfm at plushkava.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1461
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200829/dcf9fbb2/attachment.html>
bugzilla-daemon at netfilter.org
2020-Aug-31 14:40 UTC
[Bug 1267] unable to use limit with counter in meters
https://bugzilla.netfilter.org/show_bug.cgi?id=1267 --- Comment #1 from Karel Rericha <karel at unitednetworks.cz> --- As this old bug was added as dependency to https://bugzilla.netfilter.org/show_bug.cgi?id=1461 I tested it again and it still does not work in kernel 5.7.15 and latest nft from git. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200831/106fc316/attachment.html>
Apparently Analagous Threads
- [Bug 1326] New: `nft list' is very slow when output contains meters that has lots of elements
- [Bug 1461] New: [TRACKER] Issues concerning sets, maps and meters
- [Bug 1185] New: counter flag proposal for sets and maps
- [Bug 1330] New: Parse error for importing set with netmask
- [Bug 1720] New: Time-zone bug in hour-of-day parsing or display