On 4/29/12 3:05 PM, Pau Beltrán wrote: > Hi list, > > I recently configured Shorewall 4.5.0.3 on a Debian 6 (Linux 2.6.32-5-686). > > I successfuly configured everything for a two interface firewall but all > DNAT rules I have are ignoring the rate-limit option. > > For example, I have this rule: > DNATnetloc:192.168.2.2:8090 <http://192.168.2.2:8090>tcp80--s:adw:1/min:2 > > I put it this way for testing and its doing DNAT ok but it accepts every > connection attempt in any rate. I just want to rate limit by source IP. > I read the manual, faqs, troubleshooting, goole, etc. but no clue on > what's happening. I'm unable to rate-limit DNAT rules. Maybe I made a > silly mistake but I have no clue... > > My policy file ends with REJECT all all and there is no ACCEPT net loc > so that theoretically if the rule rate-limited do not match the packet > should be droped... > > Please, any idea on how Im doing wrong??
No -- we need to see the output of 'shorewall dump' collected as described at http://www.shorewall.net/support.htm#Guidelines -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
