Re: Bug in the wiki

On Wed, Jul 6, 2022 at 11:22 AM Frank Myhr <fmyhr@xxxxxxxxxxx> wrote:
> To be clear: you're testing this example ruleset and seeing unlimited
> echo requests being allowed in despite the limit rule?
>
>
> > Can you give me a hint why you think ct wouldn't accept it forever
> > after the first accept?
>
> I'm going to have to defer to others with in-depth knowledge of ct. I
> suspect that if all of your echo requests come from the same source ip
> address, *maybe* the limit is ineffective as you suggest. I'd be very
> surprised if echo requests from multiple ip addresses are also immune to
> the limit.

Yes. I am testing, and the bug is always exposed with a flood ping,
for example, so from the same IP.

Yes, I agree that this should accept 5 new sources per second, but
each can then do unlimited requests.

That is why I suggest the wiki be updated.

Thanks


