connlimit module doesn't work as expected


 



On my server (stable hardened Gentoo with vanilla 4.15.7) I have this rule:

/sbin/iptables -A OUTPUT -p tcp --destination-port 443 --syn --match connlimit --connlimit-above 3000 --connlimit-mask 0 --connlimit-daddr --match limit --limit 1/second --limit-burst 1 -j LOG --log-prefix "443 hammered "

Sometimes (usually after 2-4 days of uptime), however, this rule fires too often, even over hours.

When I restart the iptables script, the rule stops firing. This has happened a few times in a row over the last weeks, so I'm convinced that there wasn't an external event related to this behaviour.

Currently I use a cron job to restart my firewall script hourly; that works as expected and the behaviour vanished.

Known issue?

-- 
Toralf
PGP C4EACDDE 0076E94E
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
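The rule above keys connlimit on the destination address with --connlimit-mask 0, so every destination falls into the same group and the counter the match compares against 3000 is the total number of tracked outbound TCP connections to port 443 that have passed this rule. A practitioner chasing a report like this would want to cross-check the rule's LOG counter against the number of outbound :443 connections the host actually has open at the same moment: if the rule keeps logging while the live count is nowhere near the threshold, the connlimit bookkeeping, not real traffic, is the suspect. The script below is an added example written for this page, not code from the original post or from the netfilter project; the `iptables -L -v -n -x` and `ss` listings embedded in it are constructed sample text so that it runs offline, and the `log_rule_hits`, `count_lines` and `classify` helpers are names chosen here, not iptables or iproute2 commands.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check the connlimit LOG
# rule's packet counter against the live number of outbound :443 connections.
#
# On the real box (as root) the inputs would come from:
#   iptables -L OUTPUT -v -n -x          # rule counters, LOG rule included
#   ss -Htn state established '( dport = :443 )'   # live outbound :443 sockets
#   conntrack -L -p tcp --dport 443 2>/dev/null | wc -l   # conntrack's own view
# Here the command outputs are replaced by constructed sample text.

THRESHOLD=3000   # the --connlimit-above value from the rule in the post

# Constructed sample in the shape of `iptables -L OUTPUT -v -n -x`.
IPT_SAMPLE='Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     117     7020 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 flags:0x17/0x02 #conn dst/0 > 3000 limit: avg 1/sec burst 1 LOG flags 0 level 4 prefix "443 hammered "
    9876   600000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443'

# Constructed sample in the shape of `ss -Htn state established '( dport = :443 )'`
# (Recv-Q Send-Q Local:Port Peer:Port), three live connections.
SS_SAMPLE='0      0      192.0.2.10:51234    198.51.100.5:443
0      0      192.0.2.10:51240    203.0.113.7:443
0      0      192.0.2.10:51302    198.51.100.9:443'

# Packet counter of the LOG rule that carries the given --log-prefix.
# $1 = iptables -v -n -x listing, $2 = log prefix text
log_rule_hits() {
    printf '%s\n' "$1" | awk -v pfx="$2" \
        '$3 == "LOG" && index($0, "prefix \"" pfx) { print $1; exit }'
}

# Number of non-empty lines in a listing; empty input counts as 0.
# $1 = listing text
count_lines() {
    if [ -z "$1" ]; then
        echo 0
    else
        printf '%s\n' "$1" | grep -c .
    fi
}

# Verdict for one sample:
#   quiet      the LOG rule has not fired at all
#   plausible  it fired and the live count is at least half the threshold
#   stale      it fired although the live count is far below the threshold,
#              i.e. connlimit is counting connections that no longer exist
# $1 = LOG hits, $2 = live established count, $3 = --connlimit-above value
classify() {
    if [ "$1" -eq 0 ]; then
        echo quiet
    elif [ "$2" -ge $(( $3 / 2 )) ]; then
        echo plausible
    else
        echo stale
    fi
}

hits=$(log_rule_hits "$IPT_SAMPLE" "443 hammered")
live=$(count_lines "$SS_SAMPLE")
echo "LOG hits=$hits live_443=$live threshold=$THRESHOLD verdict=$(classify "$hits" "$live" "$THRESHOLD")"
```

Run from cron alongside the hourly restart, with the two live commands substituted for the samples and the LOG counter zeroed with `iptables -Z OUTPUT` after each sample, this gives a per-hour record of whether the rule fired against a real connection burst or against a count that had drifted away from reality; the two readings should be taken back to back, since the comparison only means something for the same instant.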


