Re: use of the limiting options

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: use of the limiting options
From: Mark Moseley <moseleymark@xxxxxxxxx>
Date: Wed, 26 Jan 2005 10:43:55 -0800
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=YBL8TleEFD2ovDRjMmz9RBK9vC87rH49G9kVaneD6Mlpu05rrKrThwnFkMylYE+nsalr+dEzzwaMLkPTCXJm3+XZniDn71qVfioZGgySQhntKL8ia1DGSwD7YUDZIH86zW/sdn4nuzyMCAVtbAyr6SNCTjx1B5eS1CW5opkomV0=
In-reply-to: <Pine.LNX.4.53.0501260156100.24829@altaica>
References: <Pine.LNX.4.53.0501251248340.24829@altaica> <Pine.LNX.4.53.0501251306320.24829@altaica> <Pine.LNX.4.53.0501251327570.24829@altaica> <294d5daa0501251137328fa4ff@mail.gmail.com> <Pine.LNX.4.53.0501251340370.24829@altaica> <294d5daa05012511513465fcc1@mail.gmail.com> <Pine.LNX.4.53.0501251355270.24829@altaica> <294d5daa0501251217b1935c4@mail.gmail.com> <Pine.LNX.4.53.0501251421150.24829@altaica> <Pine.LNX.4.53.0501260156100.24829@altaica>
Reply-to: Mark Moseley <moseleymark@xxxxxxxxx>
Sender: netfilter-bounces@xxxxxxxxxxxxxxxxxxx

I'm guessing maybe you don't have a rule above that accepts
established connections? e.g.
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state
ESTABLISHED -j ACCEPT

If you don't have that, your established connection will soon deplete
the 6/hr packets as well.

Though, as Jason mentioned, you probably want to poke a hole or two
through for select known-good IPs.

Follow-Ups:
- Re: use of the limiting options
  - From: Tib

References:
- use of the limiting options
  - From: Tib
- Re: use of the limiting options
  - From: Tib
- Re: use of the limiting options
  - From: Tib
- Re: use of the limiting options
  - From: Mark Moseley
- Re: use of the limiting options
  - From: Tib
- Re: use of the limiting options
  - From: Mark Moseley
- Re: use of the limiting options
  - From: Tib
- Re: use of the limiting options
  - From: Tib

Prev by Date: Re: http://www.netfilter.org/patch-o-matic/index.html almost empty
Next by Date: Re: valid INPUT/OUTPUT rule piece?--> '-p tcp --tcp-flags ACK, FIN FIN -j DROP', etc.
Previous by thread: Re: use of the limiting options
Next by thread: Re: use of the limiting options
Index(es):
- Date
- Thread

[Index of Archives] [Linux Netfilter Development] [Linux Kernel Networking Development] [Netem] [Berkeley Packet Filter] [Linux Kernel Development] [Advanced Routing & Traffice Control] [Bugtraq]