
Re: iptables -limit



Jurij Smakov wrote:
> 
> On Sat, Feb 10, 2007 at 10:03:29PM +0000, Mark Morgan Lloyd wrote:
> > Is iptables rate limiting still broken with sparc64? Certainly appears to be
> > with Sarge... has anybody ever found a working solution?
> 
> Can you post a test case which would allow reproducing the problem?
> Is there a bug filed for it? Unfortunately, the chances that it's
> going to be fixed for sarge (and for etch, for that matter), are
> pretty slim.

According to
http://lists.netfilter.org/pipermail/netfilter-devel/2003-November/013031.html
it's #218837, which I see is marked "wontfix". Definitely still broken with a
system installed from the 3.1r3 CD (plus online upgrades); the canonical
solution is to rebuild the package locally, but I've seen people querying the
effectiveness of that.

iptables -A INPUT -i eth0 -m limit -j LOG

"iptables: Invalid argument"

Kernel module was correctly loaded. Rule set was Bob Sully's latest, been using
older versions on x86 for a couple of years.

I've just come across
http://lists.netfilter.org/pipermail/netfilter-devel/2003-January.txt which
describes a patch to fix the problem but haven't even read it yet. The important
thing is that this has been a known issue for three to four years.

-- 
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]

> "I use a distribution called Debian"
> "what really sold me on it was its phenomenal bug database"
>       -- Neal Stephenson


