
iptables limit module broken on sparc?



Hi all,
I recently set up a Sun UltraSparc 5 as a firewall.  I want to log 
unwanted packets, but the iptables 'limit' module seems not to work.  Here 
is the relevant snippet from my firewall script:

iptables -N DROP_AND_LOG
iptables -A DROP_AND_LOG -p tcp --match limit --limit 3/hour --limit-burst 3 \
	-j LOG --log-level info
# only log TCP since there are so many random UDP packets floating around
iptables -A DROP_AND_LOG -j DROP

Problem is, when executing the second line above, iptables tells me
"Invalid argument" and no logging line appears in the output of
"iptables -L". The problem is fixed if I remove the limit-matching syntax,
but then of course the machine isn't protected from log flooding.  So I've
disabled logging altogether for now.

I am running woody with the stock kernel package kernel-image-2.4.18-sun4u
installed. Doing an lsmod shows that ipt_LOG and ipt_limit modules are
both loaded, so what is wrong?  This used to work on the previous firewall
(an old Pentium).

Thanks,

-- 
Kevin McCarty                Physics Department
kmccarty@princeton.edu       Princeton University
www.princeton.edu/~kmccarty  Princeton, NJ 08544
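An added example, not part of the original post: the snippet above relies on `-m limit` to keep LOG from flooding syslog, and it helps to know exactly how many log entries `--limit 3/hour --limit-burst 3` permits under a sustained probe. The shell functions below model the limit match as a token bucket (credit refilled continuously, capped at the burst, one unit spent per matched packet), which is how the netfilter limit match is commonly described; the function names, the constructed packet timestamps and the arithmetic in seconds are this example's own assumptions, and nothing here needs iptables or root, so it can be run anywhere to sanity-check a rate before deploying it.

```shell
#!/bin/sh
# Added example (not from the original post): estimate how many packets a
# "-m limit --limit RATE --limit-burst BURST" rule would let through to LOG.

# rate_interval "N/unit" -> seconds of credit one matched packet costs.
# Units follow the iptables limit match: second, minute, hour, day.
rate_interval() {
    n=${1%/*}; unit=${1#*/}
    case $unit in
        second) per=1 ;;
        minute) per=60 ;;
        hour)   per=3600 ;;
        day)    per=86400 ;;
        *) echo "unknown unit: $unit" >&2; return 1 ;;
    esac
    [ "$n" -gt 0 ] 2>/dev/null || { echo "bad rate: $1" >&2; return 1; }
    echo $((per / n))
}

# limit_simulate RATE BURST "t1 t2 ..."  (timestamps in seconds, non-decreasing)
# Token-bucket model (assumption): credit grows with elapsed time, is capped at
# BURST packets' worth, and each matched packet spends one packet's worth.
# Prints "log" for a packet the rule would match (and LOG would record),
# "skip" for one it would not.
limit_simulate() {
    cost=$(rate_interval "$1") || return 1
    cap=$(( $2 * cost ))
    credit=$cap                  # bucket starts full, so the first burst logs
    prev=0; out=""
    for t in $3; do
        credit=$(( credit + t - prev )); prev=$t
        [ "$credit" -gt "$cap" ] && credit=$cap
        if [ "$credit" -ge "$cost" ]; then
            credit=$(( credit - cost )); out="$out log"
        else
            out="$out skip"
        fi
    done
    printf '%s\n' "${out# }"
}

# count_logged RATE BURST "timestamps" -> number of packets that would be logged
count_logged() {
    set -- $(limit_simulate "$1" "$2" "$3") || return 1
    n=0
    for w in "$@"; do [ "$w" = log ] && n=$((n + 1)); done
    echo "$n"
}

# Constructed probe: five packets in five seconds, then stragglers later.
# With 3/hour and burst 3 only the first three are logged, then one more
# every 1200 seconds however fast the source keeps sending.
limit_simulate 3/hour 3 "0 1 2 3 4 1200 1201 2400"
# -> log log log skip skip log skip log
```

Running it shows the flood protection the post is after: a scan that hits the chain a thousand times in a minute yields three syslog lines, and the fourth entry cannot appear until 20 minutes of credit have accrued.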