iptables limit module broken on sparc?
I recently set up a Sun UltraSparc 5 as a firewall. I want to log
unwanted packets, but the iptables 'limit' module seems not to work. Here
is the relevant snippet from my firewall script:
iptables -N DROP_AND_LOG
iptables -A DROP_AND_LOG -p tcp --match limit --limit 3/hour --limit-burst 3 \
-j LOG --log-level info
# only log TCP since there are so many random UDP packets floating around
iptables -A DROP_AND_LOG -j DROP
Problem is, when executing the second line above, iptables tells me
"Invalid argument" and no logging line appears in the output of
"iptables -L". The problem is fixed if I remove the limit-matching syntax,
but then of course the machine isn't protected from log flooding. So I've
disabled logging altogether for now.
I am running woody with the stock kernel package kernel-image-2.4.18-sun4u
installed. Doing an lsmod shows that ipt_LOG and ipt_limit modules are
both loaded, so what is wrong? This used to work on the previous firewall
(an old Pentium).
Kevin McCarty
Physics Department, Princeton University
Princeton, NJ 08544
email@example.com
www.princeton.edu/~kmccarty
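The following is an added example, not part of the post above and not the kernel's ipt_limit source. It models the behaviour the DROP_AND_LOG chain in the post is meant to have: every packet is dropped, and only TCP packets that pass the `limit` match (here modelled as a token bucket with `burst` tokens, refilled at `rate` tokens per second, as the iptables man page describes it) are logged. The chain model, the `parse_limit` helper, and the packet timestamps are all constructed for illustration; exact fractions are used so refill boundaries such as "exactly one token" are handled deterministically.

```python
"""Model of an iptables DROP_AND_LOG chain guarded by the 'limit' match.

Added example: this is a simulation of the documented token-bucket
semantics, not the ipt_limit kernel module and not the poster's script.
"""
from fractions import Fraction

# Seconds per unit, matching the units the iptables 'limit' match accepts.
_UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def parse_limit(spec):
    """Turn an iptables rate spec such as '3/hour' into tokens per second.

    Returns an exact Fraction so '3/hour' becomes 1/1200 rather than a
    rounded float.  Constructed helper; iptables itself does this parsing
    inside libipt_limit, not in a user-visible function.
    """
    count, _, unit = spec.partition("/")
    count = int(count)
    unit = unit or "second"          # iptables defaults a bare number to /second
    if count <= 0 or unit not in _UNIT_SECONDS:
        raise ValueError("bad limit spec: %r" % spec)
    return Fraction(count, _UNIT_SECONDS[unit])


class LimitMatch:
    """Token bucket approximating '--match limit --limit R --limit-burst B'.

    Assumed model: the bucket starts full with `burst` tokens, refills
    continuously at `rate` tokens per second up to `burst`, and a packet
    matches only if a whole token is available, which it then consumes.
    """

    def __init__(self, rate_per_sec, burst):
        self.rate = Fraction(rate_per_sec)
        self.burst = Fraction(burst)
        self.tokens = self.burst      # --limit-burst: initial and maximum credit
        self.last = None              # timestamp of the previous packet seen

    def match(self, now):
        if self.last is not None:
            refill = (now - self.last) * self.rate
            self.tokens = min(self.burst, self.tokens + refill)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def drop_and_log(packets, limit):
    """Run packets through the modelled chain; return timestamps that got logged.

    packets: iterable of (timestamp_seconds, protocol) tuples.
    Rule 1 is '-p tcp -m limit ... -j LOG', so only TCP packets are even
    offered to the limit match (UDP never consumes a token).  Rule 2 is an
    unconditional DROP, so every packet is dropped whether logged or not.
    """
    logged = []
    for ts, proto in packets:
        if proto == "tcp" and limit.match(ts):
            logged.append(ts)
        # unconditional -j DROP follows; nothing further to model
    return logged


def simulate(limit_spec, burst, packets):
    """Convenience wrapper: build the match from iptables-style arguments."""
    return drop_and_log(packets, LimitMatch(parse_limit(limit_spec), burst))


# Constructed sample traffic: a burst of SYNs at t=0..4 (with one UDP packet
# mixed in), one packet ~21 minutes later, one ~2 hours later, then another burst.
SAMPLE_PACKETS = [
    (0, "tcp"), (1, "tcp"), (2, "tcp"), (3, "tcp"), (4, "udp"), (4, "tcp"),
    (1300, "tcp"), (1301, "tcp"),
    (7200, "tcp"), (7201, "tcp"), (7202, "tcp"), (7203, "tcp"),
]

if __name__ == "__main__":
    # With --limit 3/hour --limit-burst 3: the first three packets of a burst
    # are logged, then one more every 20 minutes; the rest are dropped silently.
    print(simulate("3/hour", 3, SAMPLE_PACKETS))
```

With the post's parameters the model logs the first three packets of the initial burst, then one packet once 20 minutes' worth of credit has accrued, and after a quiet two hours the bucket is full again and logs three more. Everything else is dropped without a log line, which is the flood protection the post wants. The model says nothing about why the kernel returned "Invalid argument" for the rule; when a netfilter match rejects its parameters at insertion time the module usually prints a reason, so running `dmesg` immediately after the failing `iptables -A` is the first thing to check.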