Mikhail Morfikov <mmorfikov@xxxxxxxxx> wrote:
> On 10/01/2019 12:55, Florian Westphal wrote:
> >
> > limit rate .... log prefix ...
>
> That's weird. Shouldn't the two following rules be the same?
>
> add rule inet filter INPUT limit rate 1/minute burst 1 packets log prefix "* INPUT * "
> add rule inet filter INPUT log prefix "* INPUT * " limit rate 1/minute burst 1 packets
>
> Because when I use the first rule, only one message goes
> to the syslog. But when I use the second rule instead, all
> packets get logged, even if only one of them hits the rule.

It's evaluated left-to-right, so:

limit rate 1/minute will prevent the next expression from being evaluated
unless the 1/minute rate requirement is satisfied.

If you place log first, everything gets logged, then the rate gets checked.
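The ordering rule described above, written out as a loadable ruleset. This is an added example, not part of the thread; the table, chain and log prefix are taken from the rules Mikhail posted, the accept rules and the drop policy are assumed for a usable input chain. It also records a consequence of the same left-to-right evaluation that matters in practice: a verdict placed after `limit` in the same rule is skipped whenever the limit is exceeded.

```nft
#!/usr/sbin/nft -f
# Added example (not from the original thread).  Table/chain/prefix follow
# the rules quoted in the thread; the accept rules and policy are assumed.

flush ruleset

table inet filter {
    chain INPUT {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        iif lo accept

        # Rate-limited logging.  Expressions run left to right: 'limit'
        # is checked first and, for every packet above 1/minute (after a
        # burst of 1), it fails and evaluation of this rule stops, so only
        # the packets the limit lets through ever reach 'log'.  The rule
        # carries no verdict, so every packet continues to the next rule.
        limit rate 1/minute burst 1 packets log prefix "* INPUT * "

        # The reversed ordering from the thread, kept here as a comment.
        # 'log' runs first for every packet that reaches the rule; 'limit'
        # then only decides whether anything to its right is evaluated,
        # and there is nothing to its right, so all packets get logged.
        #   log prefix "* INPUT * " limit rate 1/minute burst 1 packets

        # Caveat: the same short-circuit applies to a verdict.  This form
        # logs and drops one packet per minute; every other packet skips
        # the 'drop' and falls through to later rules and the chain policy:
        #   limit rate 1/minute burst 1 packets log prefix "* INPUT * " drop
        # Keep the unconditional verdict separate, here the 'policy drop'
        # above, so rate limiting only ever affects the logging.
    }
}
```

Load it with `nft -f <file>` as root; `nft -c -f <file>` parses and checks the ruleset without installing it. To confirm the behaviour, send a few packets to a port the chain drops and watch the kernel log: the first rule produces a single "* INPUT *" line per minute, the commented reversed rule would produce one per packet.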