Klaus Ethgen <Klaus+lkml@xxxxxxxxx> wrote:
> Resend to netfilter-devel@xxxxxxxxxxxxxxx, posted first to lkml.
>
> Recently I tried to mitigate some slow attacks via a netfilter rule
> utilizing the hashlimit target. I used the following specification:
>
> -A DETECT_INVALID -m hashlimit --hashlimit-upto 10/hour --hashlimit-mode srcip --hashlimit-name attack_invalid -j RETURN
>
> Now I have seen some strange stuff. The counter in
> /proc/net/ipt_hashlimit/attack_invalid only counts from 60 back to 0 and
> then the entry disappears. That means that a rate of 10/hour will never
> ever be detected at all.

Can't reproduce this with 4.0 on x86_64, using iptables 1.4.21 (64bit):

3598 127.0.0.1:0->0.0.0.0:0 8119296 57600000 11520000
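As an added example (not part of this thread), a small Python helper that parses the /proc/net/ipt_hashlimit line format quoted in the reply (expiry seconds, src->dst, credit, credit_cap, cost) and checks the cost and credit_cap fields against the rate the rule was written with, so one can verify that a hashlimit bucket really implements e.g. 10/hour. The kernel constants XT_HASHLIMIT_SCALE=10000, HZ=1000 and CREDITS_PER_JIFFY=32, and the default burst of 5, are assumptions of this example.

```python
import re
from collections import namedtuple

# Assumed kernel constants (xt_hashlimit built with HZ=1000): rates are stored in
# units of 1/XT_HASHLIMIT_SCALE s, and credits refill at CREDITS_PER_JIFFY per jiffy.
XT_HASHLIMIT_SCALE, HZ, CREDITS_PER_JIFFY = 10000, 1000, 32
UNIT_SECONDS = {"sec": 1, "min": 60, "minute": 60, "hour": 3600, "day": 86400}

# /proc/net/ipt_hashlimit/<name> line: "<expires> <src>-><dst> <credit> <credit_cap> <cost>"
LINE_RE = re.compile(r"^(-?\d+) (\S+)->(\S+) (\d+) (\d+) (\d+)$")
Entry = namedtuple("Entry", "expires_in src dst credit credit_cap cost")

def parse_entry(line):
    """Parse one /proc/net/ipt_hashlimit line into an Entry of ints and strings."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised hashlimit line: %r" % line)
    exp, src, dst, credit, cap, cost = m.groups()
    return Entry(int(exp), src, dst, int(credit), int(cap), int(cost))

def expected_cost(rate):
    """Credits charged per packet for a rate such as '10/hour' (user2credits arithmetic)."""
    count, unit = rate.split("/")
    avg = XT_HASHLIMIT_SCALE * UNIT_SECONDS[unit] // int(count)  # scaled seconds per packet
    if avg > 0xFFFFFFFF // (HZ * 60 * 60 * 24):  # divide first to avoid 32-bit overflow
        return (avg // XT_HASHLIMIT_SCALE) * HZ * CREDITS_PER_JIFFY
    return avg * HZ * CREDITS_PER_JIFFY // XT_HASHLIMIT_SCALE

def check_entry(entry, rate, burst=5):
    """Mismatches between a live bucket and the rule it is supposed to implement."""
    cost, problems = expected_cost(rate), []
    if entry.cost != cost:
        problems.append("cost %d, expected %d for %s" % (entry.cost, cost, rate))
    if entry.credit_cap != burst * cost:
        problems.append("credit_cap %d, expected burst %d * cost" % (entry.credit_cap, burst))
    return problems

def describe(entry):
    """What the bucket will let through now, and how fast it refills."""
    refill_per_sec = CREDITS_PER_JIFFY * HZ
    return {
        "packets_allowed_now": entry.credit // entry.cost,
        "seconds_per_packet": entry.cost / refill_per_sec,
        "seconds_to_full_burst": (entry.credit_cap - entry.credit) / refill_per_sec,
        "seconds_until_gc": entry.expires_in,
    }

# Constructed sample: the entry quoted in the reply, for a 10/hour rule with default burst.
SAMPLE = "3598 127.0.0.1:0->0.0.0.0:0 8119296 57600000 11520000"

if __name__ == "__main__":
    e = parse_entry(SAMPLE)
    print(check_entry(e, "10/hour") or "entry matches 10/hour", describe(e))
```

For the quoted entry the cost of 11520000 and cap of 57600000 are exactly what 10/hour with burst 5 should produce, and a credit below the cost means --hashlimit-upto will not match until roughly 360 seconds of refill have passed.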