[nftables] frame rate limiting clashing with log rate limiting (bug ?)

host: armv7l GNU/Linux
kernel: 5.10.0-rc3-next-20201113
nftables: v0.9.6
______

Whilst rate limiting frames I would like those to be logged but the logs not to be flooded, and thus I am trying to rate limit the log entries as well; however it seems that the log rate limiting is interfering with the frame rate limiting. The observation is that the log rate limit is being applied as a frame limit instead - am I missing something in the syntax?

with this rule:

icmp type 8 add @b_sa4_lan_pinger { ip saddr limit rate over 5/day }  log flags all prefix "ping_ip4 from LAN > rate_limit_d DROP: " limit rate 5/minute drop;

or alternatively:

icmp type 8 add @b_sa4_lan_pinger { ip saddr limit rate over 5/day } limit rate 5/minute log flags all prefix "ping_ip4 from LAN > rate_limit_d DROP: " drop;

it is observed that the icmp frames # 1 - 5 are going through, as expected. Then icmp frames # 6 - 10 are being dropped, but unexpectedly as from icmp frame # 11 the frames are going through again and not being dropped - which is unexpected/unwanted.

If the log rate limit is being removed:

icmp type 8 add @b_sa4_lan_pinger { ip saddr limit rate over 5/day } log flags all prefix "ping_ip4 from LAN > rate_limit_d DROP: " drop;

then all icmp frames exceeding a count of 5 are being dropped, as expected, but the log is being flooded.
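Added example, not the original post's ruleset nor anything from the nftables project. The rules quoted above put `limit rate 5/minute` in the same rule as `drop`. A plain `limit rate N/period` statement (without `over`) matches only while the rate stays under N; once it is exceeded the statement stops matching, and since rule evaluation ends at the first non-matching statement, `drop` is never reached for those packets. That is consistent with frames #11 onward passing through. One way to keep the drop unconditional while still bounding the log volume is to jump to a small chain in which the rate-limited log and the drop are separate rules. The set name and log prefix are the ones from the post; the table and chain names (`t_pingers`, `c_input`, `c_drop_pinger`), the `size`/`timeout` values and the use of a dynamic set for the per-element limit are assumptions made for this example.

```nft
# Added example (not the original post's ruleset). Table/chain names, size and
# timeout are assumptions; the set name and log prefix come from the post.
table ip t_pingers {
    # Dynamic set of sources that exceeded their daily ping budget. Each element
    # carries its own "limit rate over 5/day" state created by the add below.
    set b_sa4_lan_pinger {
        type ipv4_addr
        flags dynamic,timeout
        size 65535
        timeout 1d
    }

    # Only reached for packets whose source is already over its daily budget.
    chain c_drop_pinger {
        # Rule 1 (non-terminating): logs at most 5 packets per minute. Once the
        # budget is spent this rule stops matching, but evaluation just moves on
        # to the next rule instead of ending for the packet.
        limit rate 5/minute log flags all prefix "ping_ip4 from LAN > rate_limit_d DROP: "
        # Rule 2: always evaluated, so every excess ping is dropped whether or
        # not a log line was written for it.
        drop
    }

    chain c_input {
        type filter hook input priority 0; policy accept;
        # Same per-source test as in the post; on match, hand off to the chain
        # above rather than chaining log, limit and drop in one rule.
        icmp type 8 add @b_sa4_lan_pinger { ip saddr limit rate over 5/day } jump c_drop_pinger
    }
}
```

Load it with `nft -f <file>` and inspect the tracked sources with `nft list set ip t_pingers b_sa4_lan_pinger`; adding `counter` before `drop` in `c_drop_pinger` lets `nft list chain ip t_pingers c_drop_pinger` show how many excess pings were dropped versus how many made it into the log.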
