On Tue, Oct 19, 2004 at 05:48:17PM -0700, Jerome Ibanes wrote:
>
> I'm trying to set up dstlimit, but, for instance, such configuration:
> root@erinyes:/usr/src/linux# /usr/local/sbin/iptables -A INPUT -m dstlimit
> --dstlimit 1000 --dstlimit-burst 10000 --dstlimit-htable-size 100000
> --dstlimit-htable-max 1000000 --dstlimit-htable-expire 100000
> --dstlimit-htable-gcinterval 1000 --dstlimit-mode dstip-dstport
> --dstlimit-name foo -j REJECT
>
> rejects each and every packet, do you know what could possibly be wrong? I
> use 2.6.9, iptables 1.2.11 on a slackware 10.
>
> Do you have any examples of dstlimit configurations?

It behaves exactly like 'limit'. It matches underlimit packets and doesn't
match overlimit packets. Your rule therefore does exactly what it is
intended: REJECT any underlimit (i.e. within-the-limit) packets.

A patch to the netfilter-extensions-HOWTO is appreciated.

> Thanks,
> Jerome

--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going on
while IP was being designed." -- Paul Vixie
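The match semantics described in the reply above, as an added example that is not part of the original thread and is not netfilter's code: a simplified per-destination token bucket evaluated against the rule as posted and against the usual "ACCEPT within the limit, REJECT the rest" pattern. The rate, burst, chain policy, addresses and packet timings are constructed assumptions.

```python
# Added illustration: simplified model of a per-destination token bucket,
# not the kernel's dstlimit implementation. All values are constructed.

class DstLimit:
    """Matches a packet while its (dst ip, dst port) bucket is under the limit."""

    def __init__(self, rate_per_sec, burst):
        self.rate, self.burst_m = rate_per_sec, burst * 1000
        self.buckets = {}  # (dst_ip, dst_port) -> (milli-tokens, last seen ms)

    def matches(self, now_ms, dst_ip, dst_port):
        key = (dst_ip, dst_port)  # models --dstlimit-mode dstip-dstport
        tokens, last = self.buckets.get(key, (self.burst_m, now_ms))
        # elapsed ms * tokens/sec == milli-tokens earned; capped at the burst
        tokens = min(self.burst_m, tokens + (now_ms - last) * self.rate)
        matched = tokens >= 1000  # under the limit: the match succeeds
        self.buckets[key] = (tokens - 1000 if matched else tokens, now_ms)
        return matched


def run(ruleset, packets, rate=2, burst=3):
    """Walk each packet through the rules; the first matching rule decides."""
    limiter = DstLimit(rate, burst)
    verdicts = []
    for now_ms, ip, port in packets:
        verdict = "ACCEPT"  # assumed chain policy when no rule matches
        for match, target in ruleset:
            if match == "any" or limiter.matches(now_ms, ip, port):
                verdict = target
                break
        verdicts.append(verdict)
    return verdicts


# Rule shape from the question: dstlimit match -> REJECT
AS_POSTED = [("dstlimit", "REJECT")]
# Usual pattern: dstlimit match -> ACCEPT, then everything else -> REJECT
CORRECTED = [("dstlimit", "ACCEPT"), ("any", "REJECT")]

# Constructed traffic: 5 packets in 400 ms to one destination, then 1 to another
PACKETS = [(i * 100, "192.0.2.10", 80) for i in range(5)] + [(500, "192.0.2.10", 443)]

if __name__ == "__main__":
    print("as posted:", run(AS_POSTED, PACKETS))
    print("corrected:", run(CORRECTED, PACKETS))
```

With the posted rule shape, only the packets that exceed the limit escape the REJECT, which is why traffic well inside a generous limit is rejected wholesale.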