[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

iptables limit module broken on sparc?

Hi all,
I recently set up a Sun UltraSparc 5 as a firewall.  I want to log 
unwanted packets, but the iptables 'limit' module seems not to work.  Here 
is the relevant snippet from my firewall script:

iptables -N DROP_AND_LOG
iptables -A DROP_AND_LOG -p tcp --match limit --limit 3/hour --limit-burst 3 \
	-j LOG --log-level info
# only log TCP since there are so many random UDP packets floating around
iptables -A DROP_AND_LOG -j DROP

Problem is, when executing the second line above, iptables tells me
"Invalid argument" and no logging line appears in the output of
"iptables -L". The problem is fixed if I remove the limit-matching syntax,
but then of course the machine isn't protected from log flooding.  So I've
disabled logging altogether for now.

I am running woody with the stock kernel package kernel-image-2.4.18-sun4u
installed. Doing an lsmod shows that ipt_LOG and ipt_limit modules are
both loaded, so what is wrong?  This used to work on the previous firewall
(an old Pentium).


Kevin McCarty                Physics Department
kmccarty@princeton.edu       Princeton University
www.princeton.edu/~kmccarty  Princeton, NJ 08544

Reply to: