Tom:

On 2/16/2010 12:30 PM, Tom Eastep wrote:

>>> While using the 'limit' match worked fine, becoming IP-specific with
>>> 'hashlimit' has not been working. More specifically there seems to be no
>>> limiting occurring. The same source IP addresses show up in the logs on
>>> essentially every connection.
>>>
>>> I have attached my 'shorewall dump' output. I read through the file and
>>> have reviewed my configuration files and I don't understand what could
>>> be going wrong. Any insight would be appreciated.
>>>
>>
>> I have none. Let's wait to see if your query on the Netfilter list bears
>> fruit. If not, I would send it to netfilter-devel; when you do that, be
>> sure to mention your kernel version.
>
> I think that I've figured this out. The default expiration time for idle
> entries is 10 seconds. So very infrequent packets from a given IP
> address will always match when the rate is low.

Alright. So if I understand correctly, then limiting to an average rate 
of once per hour or once per day needs to be combined with overriding 
the default expiration time? Actually any time that a packet would come 
in at a rate of less than once every ten seconds, the expiration time 
should be changed from the default?

Thank you for helping me figure this out. Having experts like yourself 
willing to help and explain makes learning a lot of fun.

-- 
Brian Schang
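Tom's explanation turned into a check, as an added example that is not part of this thread and uses raw iptables rather than Shorewall's configuration syntax: a small POSIX shell helper that computes the minimum `--hashlimit-htable-expire` a hashlimit rate needs (an idle entry must outlive the interval between two packets at that rate, or the next packet from that source starts a fresh bucket) and emits a per-source LOG rule that sets it. The chain, port, hashlimit name and log prefix are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). hashlimit drops idle per-source
# entries after --hashlimit-htable-expire ms, default 10000, so a rate
# slower than one packet per 10 s is never enforced unless expire is raised.

# Milliseconds in one unit of a hashlimit rate (/second /minute /hour /day).
unit_ms() {
    case "$1" in
        second|sec) echo 1000 ;;
        minute|min) echo 60000 ;;
        hour)       echo 3600000 ;;
        day)        echo 86400000 ;;
        *) echo "unknown rate unit: $1" >&2; return 1 ;;
    esac
}

# Minimum expire for a rate written "N/unit": the full interval between
# two packets at that rate, rounded up to whole milliseconds.
hashlimit_min_expire_ms() {
    n=${1%/*}; unit=${1#*/}
    ms=$(unit_ms "$unit") || return 1
    echo $(( (ms + n - 1) / n ))
}

# Report whether an expire value (default 10000 ms) can enforce the rate.
hashlimit_check() {
    rate=$1; expire=${2:-10000}
    need=$(hashlimit_min_expire_ms "$rate") || return 1
    if [ "$expire" -ge "$need" ]; then echo effective; else echo ineffective; fi
}

# Emit a per-source-IP LOG rule for $rate/$burst with a sufficient expire.
# INPUT, port 22, the name "ssh_log" and the prefix are placeholders.
hashlimit_rule() {
    rate=$1; burst=${2:-1}
    expire=$(hashlimit_min_expire_ms "$rate") || return 1
    echo "iptables -A INPUT -p tcp --dport 22 -m hashlimit --hashlimit-mode srcip" \
         "--hashlimit-name ssh_log --hashlimit-upto $rate --hashlimit-burst $burst" \
         "--hashlimit-htable-expire $expire -j LOG --log-prefix 'ssh_limited: '"
}

hashlimit_check 1/hour           # ineffective: 10000 ms default < 3600000 ms
hashlimit_check 1/hour 3600000   # effective
hashlimit_rule 1/hour
```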

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
