Hi All I am having a scenario where the iptables hashlimit feature is not working as expected. Following is the list of IP rules INPUT (policy ACCEPT 1342 packets, 488K bytes) 1840 755K TEST all -- any any anywhere anywhere TEST (1 references) 0 0 CHAIN2 all -- any any anywhere anywhere set SET2 dst 1840 755K CHAIN1 all -- any any anywhere anywhere set SET1 dst CHAIN1 (1 references) 919 375K ACCEPT all -- any any anywhere anywhere limit: avg 200/sec burst 10 mode dstip 921 380K LOG all -- any any anywhere anywhere LOG level warning prefix `_SET1' CHAIN2 (1 references) 0 0 ACCEPT all -- any any anywhere anywhere limit: avg 50/sec burst 10 mode dstip 0 0 LOG all -- any any anywhere anywhere LOG level warning prefix `_SET2' Here, SET1 and SET2 are iphash Now after applying the above rules, irrespective of which set (SET1 or SET2), I send the packets from I find that the limit that is used is 50/s, even though there are different chains for different sets. That is packets from SET1 match CHAIN1 but the hashlimit value thats used is 50/s. So effectively the hashlimit that is set for all the chains is the one in the chain that occurs first. Am I doing something wrong here, or is this a limitation with hashlimit? Thanks in advance With Regards Retesh Chadha
