Thank you Tom for the reply. Here you have my shorewall dump. If it helps: - First I tried this configuration with Shorewall 4.4.11.6 and then I upgraded to 4.5.0.3 looking to solve this problem. - I'm testing from another subnet outside the firewall, acting as "net" zone (192.168.1.0/24) I guess that will not be a problem. - I'm sure its bypassing the rate-limit I set because "shorewall hits" reports no hit with high rate connection tries.
Thanks! Regards. On 4/29/12 3:05 PM, Pau Beltrán wrote: > Hi list, > > I recently configured Shorewall 4.5.0.3 on a Debian 6 (Linux 2.6.32-5-686). > > I successfuly configured everything for a two interface firewall but all > DNAT rules I have are ignoring the rate-limit option. > > For example, I have this rule: > DNATnetloc:192.168.2.2:8090 <http://192.168.2.2:8090>tcp80--s:adw:1/min:2 > > I put it this way for testing and its doing DNAT ok but it accepts every > connection attempt in any rate. I just want to rate limit by source IP. > I read the manual, faqs, troubleshooting, goole, etc. but no clue on > what's happening. I'm unable to rate-limit DNAT rules. Maybe I made a > silly mistake but I have no clue... > > My policy file ends with REJECT all all and there is no ACCEPT net loc > so that theoretically if the rule rate-limited do not match the packet > should be droped... > > Please, any idea on how Im doing wrong?? No -- we need to see the output of 'shorewall dump' collected as described at http://www.shorewall.net/support.htm#Guidelines -Tom -- ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
shorewall_dump.gz
Description: GNU Zip compressed data
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
