Linux Netfilter discussions
* Can't confirm limit rule works with tcpdump output.
@ 2004-07-29 23:04 Matthew Schumacher
  0 siblings, 0 replies; only message in thread
From: Matthew Schumacher @ 2004-07-29 23:04 UTC (permalink / raw)
  To: netfilter

Ok I have this rule in my firewall:

iptables -A INPUT -p udp -d <HOSTA> --dport 1646 -m limit ! --limit 10/sec \
  --limit-burst 20 -j LOG --log-prefix "IPTABLES Radius limit: "

From what I have read, this should create a bucket that can hold 20 
tokens and fill it at a rate of 10 tokens per second.  For every packet 
with the DST address <HOSTA> on port 1646 take a token out of the 
bucket.  If the bucket is completely empty then match (because of 
negation) and process the LOG target.

This is not what happens because my tcpdump output shows nothing close 
to 10 packets per second yet the rule matches and logs.

I know I'm missing something here; can someone point it out to me?

Thanks,
schu
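The token bucket described in the message, simulated as an added example (not part of the original post, and a model of the description above rather than the kernel's limit match code): a 20-token bucket refilled at 10 tokens per second, with the negated match logging each packet that finds the bucket empty. The packet timestamps and the 10 s capture window are constructed, and the model shows why a low average rate in a capture can still produce matches when the packets arrive in a tight burst.

```python
from typing import List, Tuple

LIMIT_RATE = 10.0    # tokens per second   (--limit 10/sec)
LIMIT_BURST = 20     # bucket capacity     (--limit-burst 20)


def simulate_negated_limit(arrivals: List[float],
                           rate: float = LIMIT_RATE,
                           burst: int = LIMIT_BURST) -> List[Tuple[float, bool]]:
    """Model of the rule as the post describes it (assumed semantics).

    The bucket starts full, refills continuously at `rate` tokens/s up to
    `burst`, and a packet that finds at least one token consumes it.
    Because the match is negated (`! --limit`), a packet is logged only
    when the bucket is empty. Returns (timestamp, logged) per packet.
    """
    tokens = float(burst)
    last = arrivals[0] if arrivals else 0.0
    result = []
    for t in arrivals:
        tokens = min(float(burst), tokens + (t - last) * rate)  # refill
        last = t
        if tokens >= 1.0:
            tokens -= 1.0               # take a token, no log entry
            result.append((t, False))
        else:
            result.append((t, True))    # bucket empty: negated match fires
    return result


def logged_count(arrivals, rate=LIMIT_RATE, burst=LIMIT_BURST) -> int:
    return sum(1 for _, hit in simulate_negated_limit(arrivals, rate, burst) if hit)


def average_pps(arrivals, window_seconds: float) -> float:
    """The rate a whole-capture glance at tcpdump suggests."""
    return len(arrivals) / window_seconds


# Constructed traffic: 25 packets to port 1646 arriving 1 ms apart at the
# start of a 10 s capture, then silence. Average rate is only 2.5 pps.
BURSTY = [i / 1000.0 for i in range(25)]
# Constructed traffic: a steady 5 pps over the same 10 s (50 packets).
STEADY = [i * 0.2 for i in range(50)]

if __name__ == "__main__":
    for name, pkts in (("bursty", BURSTY), ("steady", STEADY)):
        print(f"{name}: avg {average_pps(pkts, 10.0):.1f} pps, "
              f"{logged_count(pkts)} of {len(pkts)} packets logged")
```

The bursty capture averages 2.5 pps yet logs 5 packets, because the 21st packet in the burst finds the bucket empty; the steady 5 pps stream never drains it and logs nothing.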

