Re: iptables -limit



Mark Morgan Lloyd wrote:
> 
> Jurij Smakov wrote:
> >
> > On Sat, Feb 10, 2007 at 10:03:29PM +0000, Mark Morgan Lloyd wrote:
> > > Is iptables rate limiting still broken with sparc64? Certainly appears
> > > to be with Sarge... has anybody ever found a working solution?
> >
> > Can you post a test case which would allow us to reproduce the problem?
> > Is there a bug filed for it? Unfortunately, the chances that it's
> > going to be fixed for sarge (and for etch, for that matter), are
> > pretty slim.
> 
> According to
> http://lists.netfilter.org/pipermail/netfilter-devel/2003-November/013031.html
> it's #218837 which I see is marked "wontfix". Definitely still
> broken with a system installed from 3.1r3 CD (plus online upgrades),
> canonical solution is to rebuild the package locally but I've seen people
> querying the effectiveness of that.

The iptables source includes a special hack so that rebuilding on the target
system (i.e. 64-bit kernel, 32-bit userland) fixes the -m limit problem; as far
as I can tell this works OK. As a secondary known issue the byte and packet
counters might still be broken but I don't see that as being so important.

I appreciate that it's too late to fix anything in Etch and that it won't be
backported to Sarge, but basically there need to be distinct debs: one for the
32-bit kernel and one for 64-bit.

-- 
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]
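
An added illustration, not code from this thread or from iptables itself: how a limit-match rule payload laid out by a 32-bit userland build can disagree with what a 64-bit kernel expects. The field order is an assumption recalled from the kernel's limit-match header of that era, and the struct and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed field order of the limit match's rate-info struct (not taken from
 * this thread). "prev" is an unsigned long and "master" a pointer in the
 * original, so both change width with the ABI. */

/* As laid out by a 32-bit userland build: long and pointers are 4 bytes. */
struct rateinfo_user32 {
    uint32_t avg, burst;
    uint32_t prev;
    uint32_t credit, credit_cap, cost;
    uint32_t master;
};

/* As laid out by a 64-bit kernel: long and pointers are 8 bytes, 8-aligned. */
struct rateinfo_kernel64 {
    uint32_t avg, burst;
    _Alignas(8) uint64_t prev;
    uint32_t credit, credit_cap, cost;
    _Alignas(8) uint64_t master;
};

size_t user32_size(void)   { return sizeof(struct rateinfo_user32); }
size_t kernel64_size(void) { return sizeof(struct rateinfo_kernel64); }

/* Userland offset of the first field the two builds place differently,
 * or -1 if every field lines up. */
long first_divergent_offset(void)
{
#define CHECK(f) \
    if (offsetof(struct rateinfo_user32, f) != offsetof(struct rateinfo_kernel64, f)) \
        return (long)offsetof(struct rateinfo_user32, f)
    CHECK(avg); CHECK(burst); CHECK(prev); CHECK(credit);
    CHECK(credit_cap); CHECK(cost); CHECK(master);
#undef CHECK
    return -1;
}

/* The payload is interchangeable only if size and every offset agree. */
int layouts_compatible(void)
{
    return user32_size() == kernel64_size() && first_divergent_offset() == -1;
}

int main(void)
{
    printf("userland: %zu bytes, kernel: %zu bytes, first divergence at %ld\n",
           user32_size(), kernel64_size(), first_divergent_offset());
    return layouts_compatible() ? 0 : 1;
}
```
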
