On Wednesday 2010-07-14 10:03, ha do wrote: >hi all > >i just setup the hashlimit for SIP REGISTER on iptables and the rule is: >-A INPUT -p udp -i eth0 --dport 5060 -m hashlimit --hashlimit 1/minute >--hashlimit-burst 2 --hashlimit-mode srcip,srcport --hashlimit-name "cucku" -m >string --string "REGISTER sip:" --algo bm --to 80 -j ACCEPT > >so from my understand the IPTABLES will let 2 REGSITER packets per minute >so when i use the xlite to send the RESGISTER message , the first REGISTER >packet is accepted but the seconds REGISTER packet is blocked by iptables Order matters! The packet is counted, even if it does not match the string. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
