From: Tom E. <te...@sh...> - 2010-02-16 17:31:03
Tom Eastep wrote:
> Brian Schang wrote:
>> Hello:
>>
>> On 2/14/2010 4:00 PM, Tom Eastep wrote:
>>
>>> In /etc/shorewall/action.LogLimit
>>>
>>> LOG:info - - - - - s:1/hour:1
>>
>> While using the 'limit' match worked fine, becoming IP-specific with
>> 'hashlimit' has not been working. More specifically there seems to be no
>> limiting occurring. The same source IP addresses show up in the logs on
>> essentially every connection.
>>
>> I have attached my 'shorewall dump' output. I read through the file and
>> have reviewed my configuration files and I don't understand what could
>> be going wrong. Any insight would be appreciated.
>>
>
> I have none. Let's wait to see if your query on the Netfilter list bears
> fruit. If not, I would send it to netfilter-devel; when you do that, be
> sure to mention your kernel version.

I think that I've figured this out. The default expiration time for idle
entries is 10 seconds. So very infrequent packets from a given IP address
will always match when the rate is low.

-Tom

--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,           \ died peacefully in his sleep. Not screaming like
Washington, USA      \ all of the passengers in his car
http://shorewall.net \________________________________________________
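To illustrate the explanation above, here is an added example (not Shorewall or kernel code) that models a hashlimit entry as a per-source token bucket whose idle entries are garbage-collected after an expiry time; the refill and expiry semantics are a simplifying assumption about xt_hashlimit, and the source address and packet timings are constructed. With the default 10 s expiry, a source that sends one packet a minute gets a fresh full bucket every time, so every packet matches the `s:1/hour:1` LOG rule; raising the table expiry (the iptables knob is `--hashlimit-htable-expire`, in milliseconds) restores the intended limiting.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    credit: float      # tokens available; one packet costs 1.0
    last_seen: float   # time (s) of the last packet from this source

class HashLimit:
    def __init__(self, rate_per_s, burst, expire_s):
        self.rate = rate_per_s        # e.g. 1/3600 for "1/hour"
        self.burst = float(burst)     # max credit, e.g. 1 for ":1"
        self.expire = expire_s        # idle-entry expiry; iptables default is 10 s
        self.table = {}               # src_ip -> Entry (assumed model, not the kernel hash)

    def match(self, src_ip, now):
        """True when the packet is within the rate, i.e. the LOG rule fires."""
        e = self.table.get(src_ip)
        if e is not None and now - e.last_seen > self.expire:
            # Idle entry aged out; the next packet from this source
            # starts a fresh bucket with a full burst.
            del self.table[src_ip]
            e = None
        if e is None:
            e = Entry(credit=self.burst, last_seen=now)
            self.table[src_ip] = e
        else:
            e.credit = min(self.burst, e.credit + (now - e.last_seen) * self.rate)
            e.last_seen = now
        if e.credit >= 1.0:
            e.credit -= 1.0
            return True
        return False

def logged_count(expire_s, interval_s, packets):
    """One source sending a packet every interval_s seconds; how many match s:1/hour:1?"""
    hl = HashLimit(rate_per_s=1 / 3600, burst=1, expire_s=expire_s)
    return sum(hl.match("192.0.2.10", i * interval_s) for i in range(packets))

if __name__ == "__main__":
    # Constructed scenario: one source, a packet every 60 s, 10 packets.
    print(logged_count(10.0, 60.0, 10))    # default 10 s expiry -> 10 (all logged)
    print(logged_count(7200.0, 60.0, 10))  # expiry longer than the gap -> 1
```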