[PLD 3.x (Th): Bug 115] iptables -m --connlimit-above n doesn't work
btsadmin at pld-linux.org
Tue May 13 00:20:20 CEST 2008
http://bugs.pld-linux.org/show_bug.cgi?id=115
Michał Łukaszek <prism at pld-linux.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |prism at pld-linux.org
--- Comment #1 from Michał Łukaszek <prism at pld-linux.org> 2008-05-13 00:20:20 ---
Cannot reproduce, see below.
# iptables -m connlimit --help
[...]
connlimit v1.4.0 options:
[!] --connlimit-above n        match if the number of existing
                               connections is (not) above n
    --connlimit-mask n         group hosts using mask

# iptables -A FORWARD -p tcp --syn -s 192.168.1.0/24 -m connlimit --connlimit-above 9 -j REJECT
# iptables -A FORWARD -p tcp -s 192.168.1.0/24 -m connlimit --connlimit-above 9 -j REJECT
# iptables -vL FORWARD
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     tcp  --  any    any     192.168.1.0/24       anywhere             tcp flags:FIN,SYN,RST,ACK/SYN #conn/32 > 9 reject-with icmp-port-unreachable
    0     0 REJECT     tcp  --  any    any     192.168.1.0/24       anywhere             #conn/32 > 9 reject-with icmp-port-unreachable
# uname -a
Linux xxxxxx 2.6.24.7-0 #1 SMP Sun May 11 22:34:35 CEST 2008 i686 AMD_Turion(tm)_64_Mobile_Technology_ML-30 PLD Linux
Please try a newer kernel and give feedback here.
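An added example, not part of the bug report and not PLD's or iptables' own code: a POSIX shell snippet that parses an `iptables -vL` listing like the one in the comment above and reports, for each connlimit rule, the source, the grouping mask, the comparison and threshold, and whether the rule is restricted to SYN packets. The sample listing is constructed from the comment's output (wrapped lines re-joined), and the function names are my own. Two things the listing shows that are easy to misread: `#conn/32` means connections are grouped per host (mask 32), so `-s 192.168.1.0/24` gives every host in that /24 its own limit of 9 rather than limiting the subnet as a whole (that needs `--connlimit-mask 24`); and the second rule has no `--syn`, so once a host exceeds the limit it matches every TCP packet from that host, including packets of the connections already established, instead of only new connection attempts. The audit function flags rules of the second kind.

```shell
#!/bin/sh
# Constructed sample: the `iptables -vL FORWARD` output from the comment,
# one rule per line as iptables actually prints it.
SAMPLE_LISTING='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     tcp  --  any    any     192.168.1.0/24       anywhere             tcp flags:FIN,SYN,RST,ACK/SYN #conn/32 > 9 reject-with icmp-port-unreachable
    0     0 REJECT     tcp  --  any    any     192.168.1.0/24       anywhere             #conn/32 > 9 reject-with icmp-port-unreachable'

# connlimit_rules LISTING
# Prints one line per connlimit rule: source|mask|op|threshold|scope
# scope is "new" when the rule carries the --syn flag match (only new
# connection attempts are affected) and "all" otherwise (every TCP packet
# from an over-limit source matches, established sessions included).
# Assumes verbose (-v) output, where the source address is column 8.
connlimit_rules() {
    printf '%s\n' "$1" | awk '
        /#conn\// {
            src = $8; mask = ""; op = ""; thr = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^#conn\//) {
                    mask = substr($i, 7)      # strip the "#conn/" prefix
                    op = $(i + 1); thr = $(i + 2)
                }
            scope = ($0 ~ /flags:FIN,SYN,RST,ACK\/SYN/) ? "new" : "all"
            printf "%s|%s|%s|%s|%s\n", src, mask, op, thr, scope
        }'
}

# audit_connlimit LISTING
# Returns 0 when every connlimit rule is SYN-scoped, 1 otherwise, naming
# the rules that would also cut off already-established connections.
audit_connlimit() {
    unscoped=$(connlimit_rules "$1" | awk -F'|' '$5 == "all" {
        print "  " $1 " (mask /" $2 ", " $3 " " $4 ") matches every TCP packet, not only --syn"
    }')
    [ -z "$unscoped" ] && return 0
    echo "connlimit rules not restricted to new connections:"
    printf '%s\n' "$unscoped"
    return 1
}

# On a real host replace SAMPLE_LISTING with "$(iptables -vL FORWARD)" (root needed).
connlimit_rules "$SAMPLE_LISTING"
audit_connlimit "$SAMPLE_LISTING" || :
```

The parser keys on the `#conn/MASK OP N` token that connlimit prints, so it also picks up the negated form (`! --connlimit-above n`, printed with `<=`) and reports the operator rather than assuming `>`.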