
[OT?] inverted `limit' match support in iptables/netfilter



Hello,

I'm trying to get the `limit' match support in iptables/netfilter to be
inverted in the sense that it only matches when the limit has been
exceeded. For instance, to log a flood:

iptables -I INPUT -m limit ! --limit 1/s -j LOG

However, for some reason, the `!' flag does not seem to change the
behavior of the limit match module, and it continues to match until the
limit is exceeded.

Does anyone have any ideas or solutions?

Regards,

Alex.

---
PGP/GPG Fingerprint:
  EFD1 AC6C 7ED5 E453 C367  AC7A B474 16E0 758D 7ED9

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM>CC/IT d- s:+ a16 C++(++++)>$ UL++++>$ P--- L++>++$ E+ W+(-) N+ o? K? w---() 
!O !M !V PS+(++)>+ PE-(--) Y+>+ PGP t+>++ !5 X-- R>++ tv(+) b+(++) DI(+) D++ 
G>+++ e--> h! !r y>+++ 
------END GEEK CODE BLOCK------
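
Added example, not part of the original message: the iptables-extensions documentation notes that the limit match has no negation support, so a common arrangement is to let the limit rule RETURN packets that are within the rate and place the LOG rule after it. The Python below is a simplified credit-based model of that rule pair, run over constructed packet arrival times; the chain name FLOODLOG, the log prefix and the sample traffic are assumptions.

```python
# Rule pair being modelled (chain name FLOODLOG is hypothetical):
#   iptables -N FLOODLOG
#   iptables -A FLOODLOG -m limit --limit 1/s --limit-burst 5 -j RETURN
#   iptables -A FLOODLOG -j LOG --log-prefix "flood: "
#   iptables -I INPUT -j FLOODLOG

class LimitMatch:
    """Simplified model of the limit match: a bucket of credit measured in
    milliseconds. It starts full (burst packets) and refills 1 credit per ms."""

    def __init__(self, per_second, burst=5):
        self.cost = 1000 // per_second   # credit one matching packet consumes
        self.cap = self.cost * burst     # bucket never holds more than the burst
        self.credit = self.cap
        self.last_ms = None

    def matches(self, now_ms):
        # Refill for the time elapsed since the previous packet, up to the cap.
        if self.last_ms is not None:
            self.credit = min(self.cap, self.credit + (now_ms - self.last_ms))
        self.last_ms = now_ms
        if self.credit >= self.cost:
            self.credit -= self.cost
            return True                  # within the limit: the rule matches
        return False                     # limit exceeded: the rule does not match


def logged_packets(arrivals_ms, per_second=1, burst=5):
    """Return the arrival times that fall through RETURN and reach LOG."""
    limit = LimitMatch(per_second, burst)
    logged = []
    for t in arrivals_ms:
        if limit.matches(t):
            continue                     # rule 1 matched: RETURN to INPUT
        logged.append(t)                 # rule 2: LOG sees only the excess
    return logged


# Constructed traffic: 10 packets/s for 2 s, then one packet every 2 s.
FLOOD_MS = [i * 100 for i in range(20)]
QUIET_MS = [10000 + 2000 * i for i in range(5)]

if __name__ == "__main__":
    print("flood: logged", len(logged_packets(FLOOD_MS)), "of", len(FLOOD_MS))
    print("quiet: logged", len(logged_packets(QUIET_MS)), "of", len(QUIET_MS))
```

The first five packets of the flood use up the burst and are not logged, which is why the LOG rule only starts firing once the rate is actually being exceeded.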
