[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iptables -limit

Jurij Smakov wrote:
> On Sat, Feb 10, 2007 at 10:03:29PM +0000, Mark Morgan Lloyd wrote:
> > Is iptables rate limiting still broken with sparc64? Certainly appears to be
> > with Sarge... has anybody ever found a working solution?
> Can you post a test case which would allow to reproduce the problem?
> Is there a bug filed for it? Unfortunately, the chances that it's
> going to be fixed for sarge (and for etch, for that matter), are
> pretty slim.

According to
it's #218837 which I see is marked "wontfix". Definitely still broken with a
system installed from 3.1r3 CD (plus online upgrades), canonical solution is to
rebuild the package locally but I've seen people querying the effectiveness of

iptables -A INPUT -i eth0 -m limit -j LOG

"iptables: Invalid argument"

Kernel module was correctly loaded. Rule set was Bob Sully's latest, been using
older versions on x86 for a couple of years.

I've just come across
http://lists.netfilter.org/pipermail/netfilter-devel/2003-January.txt which
describes a patch to fix the problem but haven't even read it yet. The important
thing is that this has been a known issue for three to four years.

Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]

> "I use a distribution called Debian"
> "what really sold me on it was its phenomenal bug database"
>       -- Neal Stephenson

Reply to: