Displaying 20 results from an estimated 32 matches for "hashlimit".
2024 Mar 24
3
[Bug 1740] New: hashlimit limit: reduction to lowest terms in the output is confusing
https://bugzilla.netfilter.org/show_bug.cgi?id=1740
Bug ID: 1740
Summary: hashlimit limit: reduction to lowest terms in the
output is confusing
Product: iptables
Version: 1.8.x
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: minor
Priority: P5
Component: iptable...
2018 Jul 26
1
[Bug 1273] New: hashlimit never appears to fail to match under 4.9.x
https://bugzilla.netfilter.org/show_bug.cgi?id=1273
Bug ID: 1273
Summary: hashlimit never appears to fail to match under 4.9.x
Product: netfilter/iptables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: major
Priority: P5
Component: ip_tables (kernel)
Assignee: ne...
2019 Feb 05
3
[Bug 1320] New: iptables hashlimit - problem with traffic limitation
https://bugzilla.netfilter.org/show_bug.cgi?id=1320
Bug ID: 1320
Summary: iptables hashlimit - problem with traffic limitation
Product: iptables
Version: 1.6.x
Hardware: All
OS: Debian GNU/Linux
Status: NEW
Severity: major
Priority: P5
Component: iptables
Assignee: netfilter-buglog at lists.n...
2013 May 31
0
[Bug 650] --hashlimit-burst does not update when using --hashlimit-name for a second time
...|RESOLVED
CC| |netfilter at linuxace.com
Resolution| |INVALID
--- Comment #7 from Phil Oester <netfilter at linuxace.com> 2013-05-31 18:25:34 CEST ---
Andre: you claim to be "editing" the hashlimit rule, but your images clearly
show you are using iptables -A, not -R. So you are simply adding to the end of
the chain, not editing the existing rule at all. As such, you should not
expect different behaviour given the first rule you added will continue to
match.
Jan: this is simply how hashlimi...
2013 May 31
0
[Bug 650] --hashlimit-burst does not update when using --hashlimit-name for a second time
https://bugzilla.netfilter.org/show_bug.cgi?id=650
--- Comment #8 from Andre Druhmann <andre at druhmann.de> 2013-05-31 19:01:55 CEST ---
Hello,
thank you for your reply. I deleted the rules in between the steps, sorry I
didn't capture that on the screenshots.
Your explanation to Jan makes it clear for me, thanks.
2009 Jan 10
2
[Bug 568] New: iptables-save saves option hashlimit-htable-gcinterval with error
http://bugzilla.netfilter.org/show_bug.cgi?id=568
Summary: iptables-save saves option hashlimit-htable-gcinterval
with error
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: iptables-save
AssignedTo: laforge at ne...
2018 Mar 16
0
[Bug 1235] New: Error Message "Memory allocation problem" using hashlimit match
https://bugzilla.netfilter.org/show_bug.cgi?id=1235
Bug ID: 1235
Summary: Error Message "Memory allocation problem" using
hashlimit match
Product: iptables
Version: 1.6.x
Hardware: x86_64
OS: Gentoo
Status: NEW
Severity: normal
Priority: P5
Component: iptables
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: n...
2007 Oct 05
6
shaping by packet count rather than bytes ?
In wireless networks it can be handy to shape by packet rate
rather than bytes/s (because capacity is packet-rate-limited).
Has anyone done any work on packet-rate shaping ?
Thanks.
2012 Apr 21
7
[Bug 782] New: -j LOG --log-prefix handling broken
...rs: 0.0
instead of the parameter I give to the LOG module, "NETFILTER drop ", it ends
up getting mangled to "--log-prefix".
excerpt from a file I feed to iptables-restore:
-A LDROP -d 255.255.255.255/32 -p udp -j DROP
-A LDROP -d 77.223.39.255/32 -p udp -j DROP
-A LDROP -m hashlimit --hashlimit-above 1/min --hashlimit-mode srcip,dstip --hashlimit-burst 1 --hashlimit-name logldrop --hashlimit-htable-expire 60000 -j DROP
-A LDROP -m limit --limit 5/s -j LOG --log-prefix "NETFILTER drop " --log-tcp-options --log-ip-options --log-uid --log-macdecode
-A LDROP -j DROP
ipt...
2009 Jun 04
3
Dovecot under brute force attack - nice attacker
...ser/password combination the logs showed
many lines like this:
dovecot: pop3-login: Aborted login: user=<test>,......
The problem:
If the attacker wouldn't have closed and reopened the connection
no log would have been generated and he/she would have endless
tries. Not even an iptables/hashlimit or fail2ban would have kicked in.
How to reproduce:
telnet dovecot-server pop3
user test
pass test1
user test
pass test2
...
QUIT
->Only the last try gets logged.
If I enable auth_verbose every attempt gets logged, but if I read the
docs correctly this option should only be used for figuring o...
2017 Jan 12
0
[Bug 1111] New: extensions: libxt_hashlimit: fix print_rate.
https://bugzilla.netfilter.org/show_bug.cgi?id=1111
Bug ID: 1111
Summary: extensions: libxt_hashlimit: fix print_rate.
Product: netfilter/iptables
Version: unspecified
Hardware: i386
OS: All
Status: NEW
Severity: major
Priority: P5
Component: unknown
Assignee: netfilter-buglog at lists.netfilter.org...
2007 Jun 20
2
iptables question
Hi all
Can iptables have a log and deny rule together?
If no, how can I make a deny rule and a log rule,
where the log rule can limit the log entries, e.g. 200?
If yes, how can I make it?
I am using FreeBSD ipfw.
eg: ipfw add 22 deny log all from any to x.x.x.x
thank you
2006 Aug 30
4
pps limit ?
Hello, list members,
can I limit pps rate with Linux? How?
-m limit does not fit, as I understood: it can help with low rates only
(is that true? any suggestions?)
Thank you,
--
Dmytro O. Redchuk
2009 Jun 02
3
Dovecot under brute force attack - nice attacker
...ser/password combination the logs showed
many lines like this:
dovecot: pop3-login: Aborted login: user=<test>,......
The problem:
If the attacker wouldn't have closed and reopened the connection
no log would have been generated and he/she would have endless
tries. Not even an iptables/hashlimit or fail2ban would have kicked in.
How to reproduce:
telnet dovecot-server pop3
user test
pass test1
user test
pass test2
...
QUIT
->Only the last try gets logged.
Question:
Is there any way to close the connection after the
first wrong user/pass combination. So an attacker would be forced
t...
2018 Feb 02
0
[ANNOUNCE] iptables 1.6.2 release
...tils: nfsynproxy: fix build with musl libc
Dan Williams (3):
libiptc: don't set_changed() when checking rules with module jumps
iptables-restore/ip6tables-restore: add --version/-V argument
iptables-restore.8: document -w/-W options
Elise Lennion (1):
extensions: libxt_hashlimit: Add translation to nft
Florian Westphal (2):
tests: xlate-test: no need to require superuser privileges
policy: add nft translation for simple policy none/strict use case
Gargi Sharma (2):
iptables: Constify option struct
extensions: libxt_TOS: Add translation to nft
Har...
2006 Dec 07
2
iptables -m dstlimit
Which kernel supports the iptables' -m dstlimit?
Do I need a patch or something else to get it to work?
Is it too experimental?
--
Покотиленко Костик <casper@meteor.dp.ua>
2010 Feb 12
5
rate limiting
Hi,
I am using squid as a transparent proxy. I have added these 3 lines to my rules file
ACCEPT $FW net tcp www
ACCEPT loc $FW tcp 8080
REDIRECT loc 8080 tcp www - !192.168.100.2
I want to limit the number of connections that are made from every PC on the network to the proxy server. If I change the 2nd rule to
ACCEPT loc $FW tcp 8080
2006 Dec 06
1
[ANNOUNCE] Release of iptables-1.3.7
Hi!
The netfilter coreteam proudly presents:
iptables version 1.3.7
The 1.3.7 version contains accumulated bugfixes to the last 1.3.6
version. This comes a bit earlier after the last release than
usual because the endian annotations in 2.6.19 broke iptables
compilation, which is fixed with this version.
The ChangeLog is attached to this mail.
Version 1.3.7 can be obtained from:
2009 Jun 07
2
[Bug 597] New: ip6tables connlimit - cannot set CIDR greater than 32 (includes fix)
..."diff"):
- info->v4_mask = 0xFFFFFFFFUL;
+ info->v6_mask[0] = 0xFFFFFFFFUL;
+ info->v6_mask[1] = 0xFFFFFFFFUL;
+ info->v6_mask[2] = 0xFFFFFFFFUL;
+ info->v6_mask[3] = 0xFFFFFFFFUL;
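Review bot: the removed info->v4_mask default has no replacement in the visible lines, so confirm that the IPv4 path still starts with an all-ones mask; that holds only if v4_mask shares storage with v6_mask[0], which this excerpt does not show. The four identical assignments to v6_mask[0] through v6_mask[3] would also read better as a single memset over sizeof(info->v6_mask), which stays correct if the array size ever changes.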
I have tested this fix on my system. It seems to work. Hashlimit implements
the CIDR mask differently and does not suffer from this problem.
2012 Nov 21
1
Conntrackd - fail at startup.
....168.100.11
IPv4_Destination_Address 192.168.100.12
Port 3780
SndSocketBuffer 1249280
RcvSocketBuffer 1249280
Checksum on
}
Options {
}
}
General {
Nice -20
HashSize 32768
HashLimit 131072
LogFile on
LockFile /var/lock/conntrack.lock
UNIX {
Path /var/run/conntrackd.ctl
Backlog 20
}
NetlinkBufferSize 2097152
NetlinkBufferSizeMaxGrowth 8388608
Filter From Kernelspace {
Protoco...