Re: [OT?] inverted `limit' match support in iptables/netfilter

To: debian-security@lists.debian.org
Subject: Re: [OT?] inverted `limit' match support in iptables/netfilter
From: Patrick Dreker <patrick@dreker.de>
Date: Tue, 16 Jan 2001 00:39:02 +0100
Message-id: <[🔎] 01011600390200.14678@wintermute>
In-reply-to: <[🔎] Pine.LNX.4.21.0101151404130.1767-100000@cornerstone.core.aoi>
References: <[🔎] Pine.LNX.4.21.0101151404130.1767-100000@cornerstone.core.aoi>

Am Montag, 15. Januar 2001 23:06 schrieb Alexander Hvostov:
> Hello,
>
> I'm trying to get the `limit' match support in iptables/netfilter to be
> inverted in the sense that it only matches when the limit has been
> exceeded. For instance, to log a flood:
>
> iptables -I INPUT -m limit ! --limit 1/s -j LOG
>
> However, for some reason, the `!' flag does not seem to change the
> behavior of the limit match module, and it continues to match until the
> limit is exceeded.
Try doing it this way (in a separate chain):

iptables -A limitexceeded -m limit --limit 1/s -j ACCEPT (or DROP or whatever)
iptables -A limitexceeded -j LOG

untested, but should do the trick.

> Does anyone have any ideas or solutions?
> Regards,
> Alex.

-- 
Patrick Dreker
---------------------------------------------------------------------
> Is there anything else I can contribute?
The latitude and longtitude of the bios writers current position, and
a ballistic missile.        
                         Alan Cox on linux-kernel@vger.kernel.org

Reply to:

References:
- [OT?] inverted `limit' match support in iptables/netfilter
  - From: Alexander Hvostov <vulture@aoi.dyndns.org>

Prev by Date: [OT?] inverted `limit' match support in iptables/netfilter
Next by Date: wtmp question
Previous by thread: [OT?] inverted `limit' match support in iptables/netfilter
Next by thread: wtmp question
Index(es):
- Date
- Thread