* nftables - quota isn't working? @ 2021-08-12 13:01 pauloric 2021-08-12 14:10 ` pauloric 0 siblings, 1 reply; 3+ messages in thread From: pauloric @ 2021-08-12 13:01 UTC (permalink / raw) To: netfilter; +Cc: pauloric Hi all Reading https://wiki.nftables.org/wiki-nftables/index.php/Quotas I have been testing quota but I have a doubt. a) If I use this rule below , quota reaches its value, but download continues. insert rule inet filter FORWARD ip daddr 192.168.10.11 quota until 2 mbytes counter accept comment "paulo-quota" nft list ruleset | grep 'paulo-quota' ip daddr 192.168.10.11 quota 2 mbytes used 2 mbytes counter packets 1074 bytes 2094663 accept comment "paulo-quota" b) But if I invert logic, download stops. insert rule inet filter FORWARD ip daddr 192.168.10.11 quota over 2 mbytes counter drop comment "paulo-quota" debian-10.10.0-amd64-netinst.iso https://gemmei.ftp.acc.umu.se/debian-cd/current/amd64/iso-cd/debian-10.10.0-amd64-netinst.iso 0 B/s - 22,9 MB de 336 MB Should a) have the same result as b) ? Ubuntu 20.04.2 5.4.0-47-generic #51-Ubuntu SMP nftables 0.9.3-2 Thanks in advanced -- Paulo Ricardo Bruck consultor ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: nftables - quota isn't working? 2021-08-12 13:01 nftables - quota isn't working? pauloric @ 2021-08-12 14:10 ` pauloric 2021-08-12 14:20 ` Florian Westphal 0 siblings, 1 reply; 3+ messages in thread From: pauloric @ 2021-08-12 14:10 UTC (permalink / raw) To: netfilter; +Cc: pauloric I think that I find the 'error'. Quota follows same rules that limit? https://wiki.nftables.org/wiki-nftables/index.php/Rate_limiting_matchings If it's correct it should be good to alert users that ares reading https://wiki.nftables.org/wiki-nftables/index.php/Quotas that Quotas follow same rules that limit.... 80) best regards ----- Mensagem original ----- De: "pauloric" <pauloric@contatogs.com.br> Para: "netfilter" <netfilter@vger.kernel.org> Cc: "pauloric" <pauloric@contatogs.com.br> Enviadas: Quinta-feira, 12 de agosto de 2021 10:01:34 Assunto: nftables - quota isn't working? Hi all Reading https://wiki.nftables.org/wiki-nftables/index.php/Quotas I have been testing quota but I have a doubt. a) If I use this rule below , quota reaches its value, but download continues. insert rule inet filter FORWARD ip daddr 192.168.10.11 quota until 2 mbytes counter accept comment "paulo-quota" nft list ruleset | grep 'paulo-quota' ip daddr 192.168.10.11 quota 2 mbytes used 2 mbytes counter packets 1074 bytes 2094663 accept comment "paulo-quota" b) But if I invert logic, download stops. insert rule inet filter FORWARD ip daddr 192.168.10.11 quota over 2 mbytes counter drop comment "paulo-quota" debian-10.10.0-amd64-netinst.iso https://gemmei.ftp.acc.umu.se/debian-cd/current/amd64/iso-cd/debian-10.10.0-amd64-netinst.iso 0 B/s - 22,9 MB de 336 MB Should a) have the same result as b) ? Ubuntu 20.04.2 5.4.0-47-generic #51-Ubuntu SMP nftables 0.9.3-2 Thanks in advanced -- Paulo Ricardo Bruck consultor -- Pau lo Ricardo Bruck consultor tel 011 3596-4881 011 cel 98140-9184(TIM/Whats) [ http://www.contatogs.com.br/ | http ] [ http://www.contatogs.com.br/ | s://www.contatoglobal.com.br ] Domou arigatou gozaimasu ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: nftables - quota isn't working? 2021-08-12 14:10 ` pauloric @ 2021-08-12 14:20 ` Florian Westphal 0 siblings, 0 replies; 3+ messages in thread From: Florian Westphal @ 2021-08-12 14:20 UTC (permalink / raw) To: pauloric; +Cc: netfilter pauloric@contatogs.com.br <pauloric@contatogs.com.br> wrote: > I think that I find the 'error'. > > Quota follows same rules that limit? > > https://wiki.nftables.org/wiki-nftables/index.php/Rate_limiting_matchings Yes, they do not 'drop' packets when the quota expires, it just stops matching (or starts matching, depending wheter its 'until' or 'over' mode). ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-08-12 14:20 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2021-08-12 13:01 nftables - quota isn't working? pauloric 2021-08-12 14:10 ` pauloric 2021-08-12 14:20 ` Florian Westphal
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox