Re: IPtables rate limiting question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 26 Oct 2024, at 11:23 AM, Reindl Harald wrote:
> Am 25.10.24 um 23:37 schrieb Kerin Millar:
>> On Fri, 25 Oct 2024, at 9:13 PM, Slavko wrote:
>>> Dňa 25. októbra 2024 18:12:56 UTC používateľ Kerin Millar
>>> <kfm@xxxxxxxxxxxxx> napísal:
>>>
>>>> To that end, consider taking advantage of ipsets. Below is a sample ruleset in iptables-save format.
>>>>
>>>> *raw
>>>> :PREROUTING ACCEPT [0:0]
>>>> :OUTPUT ACCEPT [0:0]
>>>> :limitban - [0:0]
>>>> -A PREROUTING ! -i lo -p tcp -m conntrack --ctstate NEW -j limitban
>>>
>>> Please will conntrack really works in raw table? I live in that raw table
>>> happens before conntrack...
>> 
>> Probably not
>
> for sure not
>
> The poster did not say which table they are using
>
> he did! >>> *raw

He (Francisco) certainly did not. It was I that wrote "*raw" and to whom Slavko was replying.

-- 
Kerin Millar





[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux